
Re: Alternative transform encapsulation scheme




Karl Fox writes:
> Now that we're heading toward individual do-everything transforms
> rather than layered orthogonal functions, the concept of separate AH
> and ESP protocols seems a bit awkward.

ESP is not the "encrypting protocol". It is the OPAQUE protocol. The
idea always was that AH was there to provide for non-opaque
encapsulated packets in which it was possible to determine what the
contents were without understanding the SPI, and ESP was always
intended to provide for any combination of
(encryption/authentication/replay/etc) that did not need to be
transparent.

Perry
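The opaque/non-opaque distinction above, seen from a filter or monitor that holds no security association. This is an added example, not part of the original message; it assumes the later RFC 4302 (AH) and RFC 4303 (ESP) header layouts, and the function names and sample packets are constructed for illustration.

```python
import struct

IPPROTO_ESP, IPPROTO_AH = 50, 51
PROTO_NAMES = {6: "tcp", 17: "udp"}

def inspect_ipsec(proto, payload):
    """Report what an observer with no SA for the SPI can learn from the packet."""
    if proto == IPPROTO_AH:
        if len(payload) < 12:
            raise ValueError("truncated AH header")
        next_hdr, plen, _rsvd, spi, _seq = struct.unpack("!BBHII", payload[:12])
        ah_len = (plen + 2) * 4  # Payload Len is in 32-bit words, minus 2
        if ah_len < 12 or ah_len > len(payload):
            raise ValueError("AH length field inconsistent with packet")
        # AH is self-describing: the header can be skipped and the
        # encapsulated protocol read without knowing anything about the SPI.
        inner = payload[ah_len:]
        info = {"kind": "AH", "spi": spi, "opaque": False,
                "inner_proto": PROTO_NAMES.get(next_hdr, next_hdr)}
        if next_hdr in (6, 17) and len(inner) >= 4:
            info["sport"], info["dport"] = struct.unpack("!HH", inner[:4])
        return info
    if proto == IPPROTO_ESP:
        if len(payload) < 8:
            raise ValueError("truncated ESP header")
        spi, _seq = struct.unpack("!II", payload[:8])
        # Everything after SPI and sequence number is defined by the
        # transform bound to the SPI, so the observer stops here.
        return {"kind": "ESP", "spi": spi, "opaque": True, "inner_proto": None}
    raise ValueError("not an IPsec protocol number")

def sample_ah():
    # Constructed packet: AH with a 12-byte zeroed ICV in front of a UDP header.
    udp = struct.pack("!HHHH", 4500, 53, 8, 0)
    return struct.pack("!BBHII", 17, 4, 0, 0x1001, 1) + bytes(12) + udp

def sample_esp():
    # Constructed packet: ESP header followed by 32 bytes of transform data.
    return struct.pack("!II", 0x2002, 1) + bytes(range(32))

if __name__ == "__main__":
    print(inspect_ipsec(IPPROTO_AH, sample_ah()))
    print(inspect_ipsec(IPPROTO_ESP, sample_esp()))
```
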

