Re: Alternative transform encapsulation scheme
Karl Fox writes:
> Now that we're heading toward individual do-everything transforms
> rather than layered orthogonal functions, the concept of separate AH
> and ESP protocols seems a bit awkward.
ESP is not the "encrypting protocol". It is the OPAQUE protocol. The
idea always was that AH was there to provide for non-opaque
encapsulated packets in which it was possible to determine what the
contents were without understanding the SPI, and ESP was always
intended to provide for any combination of
(encryption/authentication/replay/etc) that did not need to be
transparent.
Perry
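
The transparent/opaque distinction in the message above, as an added example that is not part of the original post: a Python sketch of what a node holding no security association can read from each header. It assumes only the header fields common to the published AH and ESP formats (AH Next Header in the first octet and SPI at offset 4; ESP SPI at offset 0); the function name and sample bytes are constructed for illustration.

```python
import struct

IPPROTO_ESP, IPPROTO_AH = 50, 51          # IANA protocol numbers
NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # a few inner protocols, for display


def observer_view(ip_proto: int, body: bytes) -> dict:
    """Return what a node WITHOUT the SA can learn from an IPsec payload.

    `body` is everything after the IP header (hypothetical helper,
    not taken from any IPsec implementation).
    """
    if ip_proto == IPPROTO_AH:
        if len(body) < 8:
            raise ValueError("truncated AH header")
        next_header = body[0]                       # cleartext by design
        (spi,) = struct.unpack_from("!I", body, 4)
        inner = NAMES.get(next_header, f"proto {next_header}")
        return {"proto": "AH", "spi": spi, "inner": inner}
    if ip_proto == IPPROTO_ESP:
        if len(body) < 4:
            raise ValueError("truncated ESP header")
        (spi,) = struct.unpack_from("!I", body, 0)
        # Everything after the SPI is defined by the transform bound to
        # that SPI; without the SA there is nothing more to interpret.
        return {"proto": "ESP", "spi": spi, "inner": None}
    raise ValueError(f"not an IPsec protocol: {ip_proto}")


# Constructed sample payloads (not captured traffic).
AH_SAMPLE = (
    bytes([6, 4, 0, 0])                  # Next Header = TCP, length, reserved
    + struct.pack("!I", 0x1000)          # SPI
    + bytes(16)                          # placeholder authentication data
    + struct.pack("!HH", 49152, 443)     # start of the visible TCP header
)
ESP_SAMPLE = struct.pack("!I", 0x2000) + bytes.fromhex("9f3c11e07ab4d2586601c3fe")

if __name__ == "__main__":
    for proto, pkt in ((IPPROTO_AH, AH_SAMPLE), (IPPROTO_ESP, ESP_SAMPLE)):
        print(observer_view(proto, pkt))
```
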