
Re: AH vs. ESP with MD5




baldwin writes:
>         I have a couple questions about the goals for the revised ESP
> that includes integrity and replay protection.
> 
> 1) Is the new ESP supposed to eliminate the need for the AH transform?

No, not at all. It was intended all the way back to the origins of the
current proposal that ESP would be able to contain arbitrary opaque
transforms.

> 2) Do ESP packets need to be self describing in terms of the features
>    they support (e.g., whether replay protection is included)?
>    The current design assumes that the SPI determines all the
>    required features.

You answered your own question -- the ESP packets are totally opaque,
and no information other than the SPI is needed.

Perry
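
Added example, not part of the original message: Python receiver logic showing how the SPI alone selects the way the rest of an ESP packet is parsed. The packet layout, the SA fields and the function names are assumptions made for illustration, not the wire format of any ESP draft; payload encryption is left out and the replay check is a plain counter.

```python
import hmac
import struct
from dataclasses import dataclass

ICV_LEN = 16  # HMAC-MD5 output length

@dataclass
class SA:
    """Per-SPI receiver state, agreed out of band (hypothetical fields)."""
    replay: bool            # transform carries a 32-bit sequence number
    auth_key: bytes = b""   # empty means the transform has no integrity check
    last_seq: int = 0       # highest sequence number accepted so far

def build(spi, sa, seq, payload):
    """Constructed layout: SPI | [seq] | payload | [ICV over all before it]."""
    pkt = struct.pack("!I", spi)
    if sa.replay:
        pkt += struct.pack("!I", seq)
    pkt += payload
    if sa.auth_key:
        pkt += hmac.new(sa.auth_key, pkt, "md5").digest()
    return pkt

def receive(sadb, pkt):
    """Parse pkt using only the SA that its SPI selects; return the payload."""
    if len(pkt) < 4:
        raise ValueError("short packet")
    (spi,) = struct.unpack("!I", pkt[:4])
    sa = sadb.get(spi)
    if sa is None:
        raise ValueError("unknown SPI")   # nothing in the packet says how to parse it
    body = pkt[4:]
    if sa.auth_key:                       # verify integrity before trusting any field
        if len(body) < ICV_LEN:
            raise ValueError("short packet")
        body, icv = body[:-ICV_LEN], body[-ICV_LEN:]
        expected = hmac.new(sa.auth_key, pkt[:-ICV_LEN], "md5").digest()
        if not hmac.compare_digest(icv, expected):
            raise ValueError("bad ICV")
    if sa.replay:
        if len(body) < 4:
            raise ValueError("short packet")
        (seq,) = struct.unpack("!I", body[:4])
        if seq <= sa.last_seq:
            raise ValueError("replayed")
        sa.last_seq, body = seq, body[4:]
    return body
```

The same bytes after the SPI are read as sequence number, payload and ICV under one SA and as pure payload under another, which is why the receiver must reject any SPI it has no state for.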

