In message <[EMAIL PROTECTED]>, Kais Belgaied writes:
>It mandates a guarantee that the label on the IPv6 is authentic before trustin
>g
>it. In a link-local scope, where the label is proposed to be carried in the
>destination header, ESP is mandatory and sufficient.
>On a wider scope, AH is necessary.
Or it could be bound to the certificate and recreated at the far end.
>
>Kais.
> >
> >This sounds like it mandates the use of AH, is that correct?
> >
> >Best Regards,
> >Joseph D. Harwood
> >[EMAIL PROTECTED]
> >www.vesta-corp.com
> >
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED]]On Behalf Of Kais Belgaied
> >> Sent: Wednesday, February 28, 2001 7:18 PM
> >> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> >> Subject: Internet Draft for explicit security labels in IPv6.
> >>
> >>
> >> Greetings,
> >>
> >> IPv4 had IPSO and CIPSO for labeling of packets assuming we're operating
> >> within the premises of a trusted infrastructure.
> >> IPv6 only has the implicit labeling by having different IPsec SAs convey
> >> different labels.
> >> We think there is a need to have explicit labels in IPv6, whether or not
> >> IPsec is used.
> >>
> >> Please see draft-belgaied-ipv6-lsopt-00.txt
> >>
> >> http://www.ietf.org/internet-drafts/draft-belgaied-ipv6-lsopt-00.txt
> >>
> >>
> >> Regards,
> >> Kais.
> >>
> >>
> >>
>
>
>
--Steve Bellovin, http://www.research.att.com/~smb
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
