>>>>> On Thu, 22 Jun 2000 02:33:54 +0300 (EET DST), 
>>>>> Markku Savela <[EMAIL PROTECTED]> said:

>> But how can you examine the contained header, which might be
>> encrypted, for the policy check?

> I don't see any problem. Packet is in clear at this point already.

> On inbound, the policy check is of course done after IPSEC decryption,
> as with any other IPSEC packet. This applies to the ICMP's that come
> from the other end point. If ICMP is generated on the route by some
> router, then I would not try to decipher it too much (with truncation
> and ESP, things get messy).

Ah, I see. I misunderstood the order of processing. Thanks for the
clarification.

                                        JINMEI, Tatuya
                                        Communication Platform Lab.
                                        Corporate R&D Center, Toshiba Corp.
                                        [EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
