
Re: Bellovin's and Ashar's attacks




Dan Nessett says:
> Your clarification that:
> 
> >  As an aside, one of the things I've not been good about making clear
> >  in my notes is that my interest in user-oriented keying has much to do
> >  with the use of ESP as a transport-layer encryptor.
> 
> raises a question in my mind. I'm not sure how an ESP protected
> packet can be demultiplexed by the IP layer, so it can be routed to
> the appropriate transport layer code, without first decrypting
> it.

It can't. You decrypt it first and then pass it along with information
to the transport that indicates what the transform that had been used
for the encapsulation was before you unencapsulated the packet.

Perry
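
The receive order described in the reply above (decrypt, then demultiplex, then hand the transport the transform information) can be sketched as follows. This is an added example, not part of the original thread: the SA table, handler map, and stream-XOR cipher are constructed stand-ins, and the trailer layout (pad length and next-protocol byte inside the encrypted part) follows the later ESP specification as an assumption. Integrity checking is left out to keep the focus on ordering.

```python
import hashlib
import struct

# Constructed SA table keyed by SPI; names and values are illustrative.
SAD = {0x1001: {"key": b"constructed-demo-key", "transform": "demo-stream-xor"}}

def _keystream_xor(key, spi, seq, data):
    # Stand-in cipher so the example runs offline; NOT a real ESP transform.
    ks = hashlib.shake_256(key + struct.pack("!II", spi, seq)).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def esp_encapsulate(spi, seq, next_header, payload):
    pad_len = (-(len(payload) + 2)) % 4          # align trailer to 4 bytes
    padding = bytes(range(1, pad_len + 1))
    plaintext = payload + padding + bytes([pad_len, next_header])
    sa = SAD[spi]
    return struct.pack("!II", spi, seq) + _keystream_xor(sa["key"], spi, seq, plaintext)

def esp_input(packet):
    """Decrypt first, then demultiplex; return (next_header, payload, info)."""
    spi, seq = struct.unpack("!II", packet[:8])  # only these fields are in the clear
    sa = SAD.get(spi)
    if sa is None:
        raise ValueError("no security association for SPI")
    plaintext = _keystream_xor(sa["key"], spi, seq, packet[8:])
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len + 2 > len(plaintext):
        raise ValueError("bad padding length")
    payload = plaintext[: len(plaintext) - 2 - pad_len]
    # Metadata handed up with the payload so the transport knows how it arrived.
    info = {"spi": spi, "transform": sa["transform"]}
    return next_header, payload, info

def transport_dispatch(packet, handlers):
    next_header, payload, info = esp_input(packet)
    handler = handlers.get(next_header)
    if handler is None:
        raise ValueError("no transport for protocol %d" % next_header)
    return handler(payload, info)

def demo():
    handlers = {6: lambda p, i: ("tcp", p, i["transform"]),
                17: lambda p, i: ("udp", p, i["transform"])}
    pkt = esp_encapsulate(0x1001, 1, 17, b"constructed datagram")
    return transport_dispatch(pkt, handlers)

if __name__ == "__main__":
    print(demo())
```
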

