[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AH and mutable fields, how deep to look?

To: Markku Savela <msa@xxxxxxxxxxxxxxxxx>
Subject: Re: AH and mutable fields, how deep to look?
From: Stephen Kent <kent@xxxxxxx>
Date: Wed, 10 Dec 2003 18:11:32 -0500
Cc: ipsec@xxxxxxxxxxxxxxxxx
In-reply-to: <>
References: <>
Sender: owner-ipsec@xxxxxxxxxxxxxxxxx

At 12:18 +0200 12/9/03, Markku Savela wrote:

[I tried to send a message about this last week, but it disappeared...]

With following

IP Ext.-Headers1 AH Ext.-Headers2 ...

TAHI test assumes that the "mutable field" processing is also done for
the Ext.Headers2. I always had the misconception(?), and my
implementation also has it, that the payload after AH is treated as
opaque bits, and immutable.

I find my interpretation, of course, saner (and simpler). However, AH
RFC seems to support TAHI's interpretation (at least the ASCII
graphics).

If my interpretation is wrong, then the followup question is: how deep
you are supposed to scan? Say,

IP ext1 AH ext2 IP-tunnel ext3 ...etc..

Then, an unknown (to the SG) extension header inside ext3 would
totally unnecessarily break the IPSEC...

The intent was to treat everything after AH as opaque, in IPv6 as well as IPv4. What change to the graphics would help convey this better?

Steve

Follow-Ups:
- Re: AH and mutable fields, how deep to look?
  - From: Markku Savela

References:
- AH and mutable fields, how deep to look?
  - From: Markku Savela

Prev by Date: Re: AH and mutable fields, how deep to look?
Next by Date: Re: AH and mutable fields, how deep to look?
Previous by thread: Re: AH and mutable fields, how deep to look?
Next by thread: Re: AH and mutable fields, how deep to look?
Index(es):
- Date
- Thread