It mandates a guarantee that the label on the IPv6 is authentic before trusting
it. In a link-local scope, where the label is proposed to be carried in the
destination header, ESP is mandatory and sufficient.
On a wider scope, AH is necessary.
Kais.
>
>This sounds like it mandates the use of AH, is that correct?
>
>Best Regards,
>Joseph D. Harwood
>[EMAIL PROTECTED]
>www.vesta-corp.com
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]]On Behalf Of Kais Belgaied
>> Sent: Wednesday, February 28, 2001 7:18 PM
>> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>> Subject: Internet Draft for explicit security labels in IPv6.
>>
>>
>> Greetings,
>>
>> IPv4 had IPSO and CIPSO for labeling of packets assuming we're operating
>> within the premises of a trusted infrastructure.
>> IPv6 only has the implicit labeling by having different IPsec SAs convey
>> different labels.
>> We think there is a need to have explicit labels in IPv6, whether or not
>> IPsec is used.
>>
>> Please see draft-belgaied-ipv6-lsopt-00.txt
>>
>> http://www.ietf.org/internet-drafts/draft-belgaied-ipv6-lsopt-00.txt
>>
>>
>> Regards,
>> Kais.
>>
>>
>>
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
