Re: [IPsec] Does ESP provide all functionality offered by AH?

2011-11-14 Thread Steven Bellovin
On Nov 13, 2011, at 4:30 PM, Vilhelm Jutvik wrote: > Dear all, > > I am writing this as I have a question that I've failed to clarify by > other means. > > It is commonly stated that the ESP protocol covers all of the > functionality afforded by AH (integrity and authentication) in > addition t

Re: [IPsec] WESP - Roadmap Ahead

2009-11-12 Thread Steven Bellovin
On Nov 11, 2009, at 3:56 PM, Stephen Kent wrote: > Jack, > > I would have no problem deprecating AH in the context of the IPsec > architecture document, if others agree. It is less efficient than ESP-NULL. > However, other WGs have cited AH as the IPsec protocol of choice for > integrity/aut

Re: [IPsec] WESP - Roadmap Ahead

2009-11-13 Thread Steven Bellovin
On Nov 13, 2009, at 12:16 AM, Stephen Kent wrote: > My message pointed out that there was no mention of options, Your reply > picked a couple of option examples and argued that they were either not used > or did not pose a security problem. > > The right way to generate a good answer is to con

Re: [IPsec] #123: Proposal to remove the IANA tables from IKEv2bis

2009-11-23 Thread Steven Bellovin
On Nov 23, 2009, at 8:46 PM, Paul Hoffman wrote: > I *really* don't think it is that hard for a developer to resolve a URL and > read the tables there. Leave out the table; give the URL and mention 4306. If you have two more-or-less authoritative sources for the same information, some folks w

Re: [IPsec] Proposed work item: Labelled IPsec

2009-12-08 Thread Steven Bellovin
On Dec 7, 2009, at 5:26 PM, Paul Moore wrote: > On Monday 07 December 2009 05:16:26 pm Stephen Kent wrote: >> Paul, >> >> From your comments it seems as though an IP option would be >> preferable, as it is not IP-sec-specific, and it can be protected if >> needed, in the IPSec context, e.g., via

Re: [IPsec] Proposed work item: Labelled IPsec

2009-12-10 Thread Steven Bellovin
On Dec 10, 2009, at 2:57 PM, Bill Sommerfeld wrote: > On Wed, 2009-12-09 at 12:29 -0800, Jarrett Lu wrote: >> I could be wrong here. I thought the opaque blob is passed as payload >> in IKE exchange, not as IP option in the header. > > There are multiple places where labels could appear on a p

Re: [IPsec] WESP encryption support

2009-12-23 Thread Steven Bellovin
On Dec 21, 2009, at 7:08 PM, Masood, Faisal wrote: > The support of WESP encryption, as it currently stands in the draft, is > important and we would like to discuss this in detail but many of our > core team members are away for the holidays. > The issue is certainly seen as important by some

[IPsec] Volunteers wanted for IPsec configuration experiment

2010-01-10 Thread Steven Bellovin
We've devised a new IPsec configuration mechanism, and we're performing a controlled experiment comparing it to today's mechanisms. Accordingly, we're looking for volunteers to participate in our study. (It's been submitted to and approved by the university's Institutional Review Board (IRB).)

Re: [IPsec] Replay Protection

2010-02-01 Thread Steven Bellovin
On Feb 1, 2010, at 7:45 PM, Venkatesh Sriram wrote: > Hi, > > Most IETF documents state that replay protection is not provided with > manual keying. I wanted to understand the reason for the same. Is it > because with manual keying there is no way to negotiate the sequence > numbers and thus pro

Re: [IPsec] Volunteers wanted for IPsec configuration experiment

2010-07-14 Thread Steven Bellovin
A tech report on our IPsec configuration system is at http://mice.cs.columbia.edu/getTechreport.php?techreportID=1433 . We hope to upload the code to Sourceforge shortly.