In message <[EMAIL PROTECTED]>, "Joseph D. H
arwood" writes:
>This is a multi-part message in MIME format.
>
>--=_NextPart_000_0022_01C0A245.80C7E140
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>
>My understanding of the draft was that, one of the g
First, I a gree with S Kent, J. Hardwood and S. Bellovin on the ESP tunnel
mode (Thank y'all). I shall update the draft to reflect the the
2 possibilities, AH (+ESP) in transport mode, and tunnel mode ESP with the
label on the h-b-h of the inner header.
> >>>it. In a link-local scope, where th
PROTECTED]
> Subject: Label on the H-b-H (was Re: Internet Draft for explicit
> security labels in IPv6. )
>
>
> For a router to trust a label in the hop-by-hop header, it has to either
> *believe* the packet is authentic (packet coming in through an interface
> connected to a hi
For a router to trust a label in the hop-by-hop header, it has to either
*believe* the packet is authentic (packet coming in through an interface
connected to a highly secured network), or it is the other end (dst) of an
AH AS protecting the labeled packet.
Here is an example:
Secure (trus
7:18 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Internet Draft for explicit security labels in IPv6.
>
>
> Greetings,
>
> IPv4 had IPSO and CIPSO for labeling of packets assuming we're operating
> within the premises of a trusted infrastructure.
> I
>>It mandates a guarantee that the label on the IPv6 is authentic before trustin
>>g
>>it. In a link-local scope, where the label is proposed to be carried in the
>>destination header, ESP is mandatory and sufficient.
>>On a wider scope, AH is necessary.
>
>Or it could be bound to the certificate
; From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 01, 2001 11:27 AM
> To: Kais Belgaied
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: Internet Draft for explicit security labels in IPv6.
>
>
> In message <[EMAIL PR
18 PM
>> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>> Subject: Internet Draft for explicit security labels in IPv6.
>>
>>
>> Greetings,
>>
>> IPv4 had IPSO and CIPSO for labeling of packets assuming we're operating
>> within the premises of
Greetings,
IPv4 had IPSO and CIPSO for labeling of packets assuming we're operating
within the premises of a trusted infrastructure.
IPv6 only has the implicit labeling by having different IPsec SAs convey
different labels.
We think there is a need to have explicit labels in IPv6, whether or not
I'm not sure what problem you're trying to solve, but:
- The assumption in the draft seems to be that SA's are heavy-weight
objects. this is not the case and it is certainly my intent to ensure
that they are as lightweight as possible within Sun's ipsec
implementation..
- I agree with what St
In message <[EMAIL PROTECTED]>, Kais Belgaied writes:
>>>It mandates a guarantee that the label on the IPv6 is authentic before trust
>in
>>>g
>>>it. In a link-local scope, where the label is proposed to be carried in the
>>>destination header, ESP is mandatory and sufficient.
>>>On a wider scope,
Kais,
>Greetings,
>
>IPv4 had IPSO and CIPSO for labeling of packets assuming we're operating
>within the premises of a trusted infrastructure.
>IPv6 only has the implicit labeling by having different IPsec SAs convey
>different labels.
>We think there is a need to have explicit labels in IPv6, w
In message <[EMAIL PROTECTED]>, "Joseph D. H
arwood" writes:
>This is a multi-part message in MIME format.
>
>--=_NextPart_000_0022_01C0A245.80C7E140
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>
>My understanding of the draft was that, one of the g
vesta-corp.com
> >
> >> -Original Message-
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED]]On Behalf Of Kais Belgaied
> >> Sent: Wednesday, February 28, 2001 7:18 PM
> >> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> >> Subject:
14 matches
Mail list logo