[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: risks of MACs associated with packets
RE: AH
I also think the authentication info should be outside of the ESP
so that bogus packets can be detected without having to decrypt the
whole packet...
>I think, as I believe Phil Karn does, that you want authentication
>to be outside of your encyrption so that it is less work to throw
>away bogus packets and so that intermediate points can, if properly
>configured, authenticate the message without reading it.
>
>Donald
Derrell Piper | piper@tgv.com | Tech Support: +1 408 457 5201
TGV, Inc. | 101 Cooper Street | Santa Cruz, CA 95060 USA