Re: Secdir Review of draft-stjohns-sipso-05

>>>>> "Joe" == Joe Touch <touch at ISI.EDU> writes:


    Joe> I was wondering about that; it seems inconsistent to have
    Joe> this document require something that is optional in RFC 4301.

I suspect you realize this, but some people following the discussion
may not.  It's critical to this mechanism that intermediate systems be
able to read the sensitivity level.  You can either do hop-by-hop SAs
using either ESP-null or AH, or end-to-end SAs using AH or ESP/null
plus one of the fixes so you can determine that a packet is ESP-null
rather than ESP-encrypted.  Note that if you are talking about
end-to-end SAs you need to either explain why the intermediate systems
don't need to be able to confirm the integrity of the label, or you
need to address Steve Bellovin's concerns.

--Sam
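Sam's point about intermediate systems confirming label integrity, modelled as added example code (not from this thread or the draft): it shows which bytes an AH ICV covers versus an ESP-NULL ICV when the sensitivity label travels in an IPv6 Hop-by-Hop option, so a label rewritten in transit breaks the AH check but leaves the ESP check untouched. Assumptions: the label uses the CALIPSO option type 0x07 with the chg bit clear, HMAC-SHA256 truncated to 96 bits stands in for the SA's integrity algorithm, and the key, addresses and payload are constructed.

```python
"""AH vs ESP-NULL integrity coverage of an IPv6 Hop-by-Hop label option (constructed, simplified model)."""
import hashlib, hmac

KEY = b"constructed-demo-key"  # constructed; real SAs take their keys from IKE
LABEL_OPT = 0x07  # assumption: CALIPSO option type (RFC 5570); its 'chg' bit is clear
ICV_LEN, HBH, AH, ESP, TCP = 12, 0, 51, 50, 6  # HMAC-SHA256/96 stands in for the SA algorithm

def ipv6_header(payload_len: int) -> bytes:
    # version 6, traffic class 0, flow label 0, next header HBH, hop limit 64; constructed addresses
    src, dst = bytes.fromhex("20010db8" + "00" * 11 + "01"), bytes.fromhex("20010db8" + "00" * 11 + "02")
    return b"\x60\x00\x00\x00" + payload_len.to_bytes(2, "big") + bytes([HBH, 64]) + src + dst

def hbh_with_label(next_header: int, label: bytes) -> bytes:
    # Hop-by-Hop header with one label option, Pad1/PadN-padded to a multiple of 8 octets
    body = bytes([next_header, 0, LABEL_OPT, len(label)]) + label
    pad = (-len(body)) % 8
    body += b"\x00" if pad == 1 else (bytes([1, pad - 2]) + b"\x00" * (pad - 2) if pad else b"")
    return bytes([body[0], len(body) // 8 - 1]) + body[2:]

def zero_mutable_options(hbh: bytes) -> bytes:
    # RFC 4302: data of options whose 'chg' bit (0x20) is set is zeroed before the ICV is computed
    out, i = bytearray(hbh[:2]), 2
    while i < len(hbh):
        if hbh[i] == 0:  # Pad1
            out.append(0); i += 1; continue
        t, n = hbh[i], hbh[i + 1]
        out += bytes([t, n]) + (b"\x00" * n if t & 0x20 else hbh[i + 2:i + 2 + n])
        i += 2 + n
    return bytes(out)

def ah_icv(ip6: bytes, hbh: bytes, ah_hdr: bytes, payload: bytes) -> bytes:
    # AH covers the preceding headers (mutable fields zeroed), itself (ICV zeroed) and the payload
    ip6 = bytearray(ip6); ip6[0] &= 0xF0; ip6[1:4] = b"\x00\x00\x00"; ip6[7] = 0
    data = bytes(ip6) + zero_mutable_options(hbh) + ah_hdr + b"\x00" * ICV_LEN + payload
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]

def esp_null_icv(esp_hdr: bytes, payload: bytes, trailer: bytes) -> bytes:
    # ESP covers only its own header, payload and trailer; extension headers before it are outside
    return hmac.new(KEY, esp_hdr + payload + trailer, hashlib.sha256).digest()[:ICV_LEN]

def label_change_detected(mode: str, label: bytes, tampered: bytes) -> bool:
    """True if rewriting the label in transit changes the ICV that a keyed hop would verify."""
    payload, spi_seq, icvs = b"constructed upper-layer data", b"\x00\x00\x01\x00\x00\x00\x00\x01", []
    for lbl in (label, tampered):
        hbh = hbh_with_label(AH if mode == "AH" else ESP, lbl)
        ip6 = ipv6_header(len(hbh) + len(payload) + 24)  # AH hdr+ICV and ESP hdr+trailer+ICV are both 24
        if mode == "AH":  # AH header: next hdr, length in 32-bit words minus 2, reserved, SPI, seq
            icvs.append(ah_icv(ip6, hbh, bytes([TCP, (12 + ICV_LEN) // 4 - 2, 0, 0]) + spi_seq, payload))
        else:  # ESP-NULL trailer: 2 pad octets (so it ends 4-aligned), pad length, next header
            icvs.append(esp_null_icv(spi_seq, payload, b"\x01\x02" + bytes([2, TCP])))
    return icvs[0] != icvs[1]
```

An intermediate system can only run the AH check if it holds the SA key, which is why hop-by-hop SAs are the simple option and end-to-end SAs need a separate answer for label integrity.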

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www.ietf.org/mailman/listinfo/ietf



Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.