; >> > Cc: ipv6@ietf.org
> >>
> >>
> >>> Subject: RE: Security Requirements for IPv6 Node Req summary
> >> >
> >> > Sorry, that was a cut & paste mistake. AH is a MAY.
> >> >
> >> > John
Brian E Carpenter [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 06, 2008 7:16 PM
> To: Dunn, Jeffrey H.
> Cc: Vishwas Manral; Tim Enos; [EMAIL PROTECTED]; ipv6@ietf.org
> Subject: Re: Security Requirements for IPv6 Node Req summary
>
> I don't see why this would
summary
>> >
>> > Sorry, that was a cut & paste mistake. AH is a MAY.
>> >
>> > John
>> >
>> > >-Original Message-
>> > >From: ext Vishwas Manral [mailto:[EMAIL PROTECTED]
>> > >Sent: 05 March
On 2008-03-08 07:32, Bob Hinden wrote:
>
> On Mar 6, 2008, at 4:15 PM, ext Brian E Carpenter wrote:
>
>> I don't see why this would belong in a generic IPv6 node
>> requirement. It belongs in the OSPFv3 spec.
>
> It certainly belongs in the OSPFv3 specification, but I don't see any
> harm in put
> -Original Message-
> From: Dunn, Jeffrey H. [mailto:[EMAIL PROTECTED]
> I believe that the real issue is the following:
>
> 1. Simply authenticating the message contents, as in the case of
> ESP-NULL, does not authenticate the sender.
> 2. Since ESP-NULL does not provide confidentialit
On Mar 6, 2008, at 4:15 PM, ext Brian E Carpenter wrote:
> I don't see why this would belong in a generic IPv6 node
> requirement. It belongs in the OSPFv3 spec.
It certainly belongs in the OSPFv3 specification, but I don't see any
harm in putting a note into IPv6 node requirements that the IP
: Thursday, March 06, 2008 8:50 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: ipv6@ietf.org
Subject: RE: Security Requirements for IPv6 Node Req summary
ESP == MUST && AH == MUST
There is a major problem with ESP/NULL & firewalls, so AH has to be
there.
The crap about lack of an API as
PROTECTED]; ipv6@ietf.org
Subject: Re: Security Requirements for IPv6 Node Req summary
I don't see why this would belong in a generic IPv6 node
requirement. It belongs in the OSPFv3 spec.
Brian
On 2008-03-07 08:57, Dunn, Jeffrey H. wrote:
> Vishwas and Tim,
>
> I would prefer
ECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
>
> > [EMAIL PROTECTED]
> > Sent: Wednesday, March 05, 2008 12:15 PM
> > To: [EMAIL PROTECTED]
> > Cc: ipv6@ietf.org
>
>
> > Subject: RE: Security Requirements for IPv6 Node Req summary
> >
> > So
008 2:45 PM
To: Dunn, Jeffrey H.
Cc: Brian E Carpenter; [EMAIL PROTECTED]; ipv6@ietf.org
Subject: Re: Security Requirements for IPv6 Node Req summary
Hi Jeff,
You are close but still not quite there.
OSPFv2 had some fields in all packets (LSA is not a packet but a
content in a packet) to send a
Wednesday, March 05, 2008 12:15 PM
> To: [EMAIL PROTECTED]
> Cc: ipv6@ietf.org
> Subject: RE: Security Requirements for IPv6 Node Req summary
>
> Sorry, that was a cut & paste mistake. AH is a MAY.
>
> John
>
> >-Original Message-
> >From: ext Vishwas
m Enos
Ps 84:10-12
>Subject: Re: Security Requirements for IPv6 Node Req summary
>Hi Tim,
>
>You may have not read the OSPFv3 security RFC - RFC4552. It states clearly:
>
> In order to provide authentication to OSPFv3, implementations MUST
> support ESP and MAY support AH.
>
&
gt; >Jeffrey Dunn
>> >Info Systems Eng., Lead
>> >MITRE Corporation.
>> >-Original Message-
>> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of
>> >Brian E Carpenter
>> >Sent: Wednesday, March 05, 2008 4:
.; [EMAIL PROTECTED];
ipv6@ietf.org
Subject: Re: Security Requirements for IPv6 Node Req summary
Hi Tim,
You may have not read the OSPFv3 security RFC - RFC4552. It states
clearly:
In order to provide authentication to OSPFv3, implementations MUST
support ESP and MAY support AH.
Thanks
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Brian E Carpenter
> Sent: Wednesday, March 05, 2008 4:22 PM
> To: [EMAIL PROTECTED]
> Cc: ipv6@ietf.org
> Subject: Re: Security Requirements for IPv6 Node Req summary
>
gt;
> >On 2008-03-06 09:14, [EMAIL PROTECTED] wrote:
> >> Sorry, that was a cut & paste mistake. AH is a MAY.
> >>
> >> John
> >>
> >>> -Original Message-
> >>> From: ext Vishwas Manral [mailto:[EMAIL PROTECTED]
>
>Jeffrey Dunn
>Info Systems Eng., Lead
>MITRE Corporation.
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
>Brian E Carpenter
>Sent: Wednesday, March 05, 2008 4:22 PM
>To: [EMAIL PROTECTED]
>Cc: ipv6@ietf.org
>Subject:
Eng., Lead
MITRE Corporation.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Brian E Carpenter
Sent: Wednesday, March 05, 2008 4:22 PM
To: [EMAIL PROTECTED]
Cc: ipv6@ietf.org
Subject: Re: Security Requirements for IPv6 Node Req summary
If we write a
Brian,
> If we write a SHOULD we really do need some guidance
> as to when it doesn't apply. Otherwise we make it too
> easy for product managers to simply cross it off the list.
> How about
>
> The normal expectation is that a complete IPv6 stack
> includes an implementation of ESP. However,
as a cut & paste mistake. AH is a MAY.
>
> John
>
>> -Original Message-
>> From: ext Vishwas Manral [mailto:[EMAIL PROTECTED]
>> Sent: 05 March, 2008 12:12
>> To: Loughney John (Nokia-OCTO/PaloAlto)
>> Cc: ipv6@ietf.org
>> Subject: Re: Secu
Sorry, that was a cut & paste mistake. AH is a MAY.
John
>-Original Message-
>From: ext Vishwas Manral [mailto:[EMAIL PROTECTED]
>Sent: 05 March, 2008 12:12
>To: Loughney John (Nokia-OCTO/PaloAlto)
>Cc: ipv6@ietf.org
>Subject: Re: Security Requirements for IPv6
Hi John,
RFC4301 states AH is optional. Is there a reason why we are making it
a MUST be supported feature. Below quoting RFC4301:
"IPsec implementations MUST support ESP and MAY
support AH."
Thanks,
Vishwas
On Wed, Mar 5, 2008 at 11:46 AM, <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> The RFC
22 matches
Mail list logo