In message <[EMAIL PROTECTED]>, "Joseph D. H
arwood" writes:
>This is a multi-part message in MIME format.
>
>------=_NextPart_000_0022_01C0A245.80C7E140
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>
>My understanding of the draft was that, one of the goals is for intervening
>routers to be able to make routing decisions based on the contents of the
>security label (Section 3.4):
>
> A router needs to trust the authenticity and integrity of a
> packet before making routing decision based on the content of its
> label.
>
>The proposal is to permit security labels in Hop-By-Hop Extension Headers,
>which (if I remember correctly) are only protected by AH.
>
>This would seem to require AH.
As I noted earlier, the intervening routers don't have the key to
verify the AH protection.
--Steve Bellovin, http://www.research.att.com/~smb
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
