Re: User and Ports: For a firewall solution

Dan Stromberg (strombrg@hydra.acs.uci.edu)
Tue, 21 Apr 1998 11:03:10 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Shaleh: "2.0.34pre10"
Previous message: Alex Belits: "Re: unicode (char as abstract data type)"
Maybe in reply to: Yusuf Motiwala: "User and Ports: For a firewall solution"

> If the machine your mobile agent connects to was extended to support one
> of the authentication protocols for IP frames. IP-AH is an IP extension
> that ends frames with
>
> [IP-HEADER][IP-AH header][MD5 data][Packet]
>
> so you can have the mobile host talk to the FA which then sends packets
> that are signed and include user auth info. In fact you could probably
> skip MD5 and hide the data in other ways providing you strip it at thee
> firewall itself. IP-AH has an RFC. (IP authentication header)

I thought AH was only an Internet Draft (if it's that far?), not an RFC yet?
I could be mistaken of course.

Please note that there's been some talk of throwing out AH altogether, and going
with encryptionless ESP instead.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Shaleh: "2.0.34pre10"
Previous message: Alex Belits: "Re: unicode (char as abstract data type)"
Maybe in reply to: Yusuf Motiwala: "User and Ports: For a firewall solution"