Hi Fred,

For ESP (RFC4303), the ICV does not cover the outer IP header at all, mutable fields or not. For AH (RFC4302), however, the outer IP header is covered by the ICV calculation.

Maybe that is what Rahim meant. We can have IP header fields that are not covered by the ICV calculation, and there may be no way of verifying the integrity of the header. I however do not think it is required, because, as mentioned earlier, the probability of the error is very low (the issues may still be caught at a higher layer), and it does not justify the trade-off of having a checksum.

Thanks,
Vishwas

On Jan 31, 2008 1:35 PM, Fred Baker <[EMAIL PROTECTED]> wrote:
> On Jan 31, 2008, at 8:49 AM, Rahim Choudhary wrote:
> > Such a guaranteed integrity for the packet header is currently not
> > available, even with the use of IPSec because of the matter of the mutable
> > fields.
>
> Mutable fields are mutable for a reason. We don't seem to be on the same
> page in that regard.
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> [email protected]
> Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
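The ICV coverage difference discussed in this thread, as an added example that is not part of the original messages: it compares an AH-style ICV (outer IPv6 header included, with the fields RFC 4302 treats as mutable zeroed) against an ESP-style ICV (outer header excluded). The key, addresses, payload and function names are constructed, and the ICV input is simplified: the real AH input also includes the AH header with its ICV field zeroed, and `body` stands in for everything after the outer header.

```python
import hashlib, hmac, ipaddress, struct

KEY = b"constructed-demo-key"  # constructed sample key

def ipv6_header(src, dst, payload_len, next_header, hop_limit, tclass=0, flow=0):
    """Pack a 40-byte IPv6 base header."""
    word0 = (6 << 28) | (tclass << 20) | flow
    return (struct.pack("!IHBB", word0, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def zero_mutable(hdr):
    """Zero traffic class, flow label and hop limit (mutable per RFC 4302)."""
    out = bytearray(hdr)
    out[0] &= 0xF0               # keep the version nibble only
    out[1:4] = b"\x00\x00\x00"   # rest of traffic class + flow label
    out[7] = 0                   # hop limit
    return bytes(out)

def ah_style_icv(hdr, body):
    """AH-style: the outer header is authenticated, mutable fields zeroed."""
    return hmac.new(KEY, zero_mutable(hdr) + body, hashlib.sha256).digest()

def esp_style_icv(hdr, body):
    """ESP-style: the outer IP header is not part of the ICV input."""
    return hmac.new(KEY, body, hashlib.sha256).digest()

def compare():
    """Report which in-transit header changes each ICV style detects."""
    body = b"constructed payload bytes"
    src, dst = "2001:db8::1", "2001:db8::2"   # documentation prefix
    sent = ipv6_header(src, dst, len(body), 51, hop_limit=64)
    hop_changed = ipv6_header(src, dst, len(body), 51, hop_limit=63)
    src_changed = ipv6_header("2001:db8::bad", dst, len(body), 51, hop_limit=64)
    result = {}
    for name, icv in (("ah", ah_style_icv), ("esp", esp_style_icv)):
        ref = icv(sent, body)
        result[name + "_hop_limit_change_detected"] = icv(hop_changed, body) != ref
        result[name + "_source_change_detected"] = icv(src_changed, body) != ref
    return result

if __name__ == "__main__":
    for check, detected in compare().items():
        print(f"{check}: {detected}")
```
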
