
Re: ICMP Security Failures



>> Note that in "transport-mode", the SPI indicated will be of the outer

>I think I get it, but I'm not familiar with the term "transport-mode".

I'd like to expunge use of the terms "transport-mode" and
"tunnel-mode" from IPSEC documents. Not because the modes they
describe aren't useful, but because I really consider them completely
orthogonal to the security mechanisms IPSEC provides.

"Tunnel mode" simply implies that a host has the ability to tunnel and
detunnel packets, irrespective of whether that host also implements
IPSEC (AH and ESP). It simply means that the host implements IP
Protocol No. 4. If the host also happens to implement IP Protocols
Nos. 50 and 51 (IP Security), it's free to combine all three in any
fashion it chooses. But the mechanisms of IP security are completely
independent of whether the payload is a UDP or TCP segment or another
IP datagram.

Phil
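
Added example, not part of the original message: a small Python walker that follows the IP protocol / AH next-header chain. It shows the AH step is the same whether the protected payload is a TCP segment or another IP datagram (protocol 4). The AH field layout is assumed to be the RFC 4302 one; the addresses, SPI and payload bytes are constructed sample values.

```python
import struct

PROTO = {6: "TCP", 17: "UDP"}
TCP_STUB = bytes(20)  # constructed placeholder for a transport segment

def ipv4(proto, payload):
    # Minimal constructed IPv4 header; checksum left zero and not validated.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]),
                       bytes([192, 0, 2, 2])) + payload

def ah(next_header, spi, payload):
    # Assumed layout: next header, payload len, reserved, SPI, sequence, ICV.
    icv = bytes(12)  # placeholder ICV, not a real MAC
    payload_len = (12 + len(icv)) // 4 - 2  # 32-bit words minus 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, 1) + icv + payload

def walk(packet):
    """Follow protocol / next-header fields; return (layers, spis)."""
    layers, spis = [], []
    proto, data = 4, packet  # the outermost unit is itself an IP datagram
    while True:
        if proto == 4:        # IP header, outer or tunnelled
            layers.append("IPv4")
            proto, data = data[9], data[(data[0] & 0x0F) * 4:]
        elif proto == 51:     # AH: same parsing whatever comes next
            nxt, plen, _, spi, _ = struct.unpack("!BBHII", data[:12])
            layers.append("AH")
            spis.append(spi)
            proto, data = nxt, data[(plen + 2) * 4:]
        elif proto == 50:     # ESP: SPI is visible, the rest is opaque
            layers.append("ESP")
            spis.append(struct.unpack("!I", data[:4])[0])
            return layers, spis
        else:
            layers.append(PROTO.get(proto, f"proto {proto}"))
            return layers, spis

# AH directly over a TCP segment ("transport-mode")
transport = ipv4(51, ah(6, 0x1001, TCP_STUB))
# AH over an encapsulated IP datagram, i.e. protocol 4 ("tunnel-mode")
tunnel = ipv4(51, ah(4, 0x1001, ipv4(6, TCP_STUB)))

if __name__ == "__main__":
    for name, pkt in (("transport", transport), ("tunnel", tunnel)):
        print(name, *walk(pkt))
```

The two AH headers differ only in the one-byte next-header field; the only extra work in the tunnelled case is the ordinary protocol 4 decapsulation.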


