Re: [Infrahip] Re: [hipl-users] Re: [PATCH 2.6.12.2] XFRM: BEET IPsec mode for Linux
From: Pekka Nikander <hidden>
Date: 2005-07-29 15:45:24
Surely BEET will work also for AH with minor changes, even though we only tried the ESP encapsulation.
I wouldn't be so sure. IIRC, tunnel mode is not specified for AH but for ESP only. Consequently, defining BEET mode for AH might be pretty tricky. OTOH, I don't know the Linux IPsec implementation, so it might be possible to make BEET "work" for AH, for some value of "work", but it probably would require some careful thinking to define the exact semantics, like what addresses (inner or outer) are covered by the AH integrity protection, what does the integrity protection really assert, etc.

--Pekka