
Re: Authentication using ESP in Transport Mode



Steve,

        AH still has a role in IPSEC, independent of ESP.  ESP, as its
name indicates, encapsulates data to protect it.  In that mode it can offer
authentication and integrity (as well as confidentiality) for tunneled IP
packets, but it cannot protect the IP header for a packet in which it is
embedded.  It is still appropriate to use a combination of AH and ESP if
one wishes to protect the IP header for a packet and to bind that header to
a payload protected with ESP.  The change to AH that was approved at the
meeting was to remove all references to the mode of AH operation in which
it did NOT apply to an IP header in which it was embedded.  The motivation
for redefining AH in this fashion arose because we now have ESP transforms
that provide authentication and integrity, and because this dual mode of AH
use was unduly complex given the existence of such ESP transforms.

Steve
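The distinction above, that a transport-mode ESP integrity check does not cover the IP header it sits in while AH's does (with mutable fields zeroed), as an added illustration that is not part of the original message. The packet layout, key, SPI and 96-bit HMAC-SHA256 truncation are constructed simplifications for the demo, not any implementation's code.

```python
import hmac
import hashlib
import struct

IPV4_FMT = "!BBHHHBBH4s4s"          # minimal 20-byte IPv4 header
KEY = b"constructed-demo-key"       # constructed shared integrity key

def ipv4_header(src, dst, proto, ttl=64):
    """Build a minimal IPv4 header (checksum left at zero for simplicity)."""
    return struct.pack(IPV4_FMT, 0x45, 0, 20, 0x1234, 0x4000, ttl, proto, 0, src, dst)

def zero_mutable_fields(hdr):
    """AH authenticates the IP header with fields that legitimately change in flight
    (TOS, flags/fragment offset, TTL, checksum) set to zero before the ICV is computed."""
    ver_ihl, _tos, tot_len, ident, _flags, _ttl, proto, _csum, src, dst = struct.unpack(IPV4_FMT, hdr)
    return struct.pack(IPV4_FMT, ver_ihl, 0, tot_len, ident, 0, 0, proto, 0, src, dst)

def icv(data):
    """Truncated HMAC-SHA256 integrity check value (96 bits)."""
    return hmac.new(KEY, data, hashlib.sha256).digest()[:12]

def ah_icv(ip_hdr, payload):
    """AH transport mode: ICV covers the immutable part of the IP header plus the payload."""
    return icv(zero_mutable_fields(ip_hdr) + payload)

def esp_icv(payload):
    """ESP transport mode: ICV covers only the ESP header (SPI, sequence) and the payload;
    the IP header in which ESP is embedded lies outside the authenticated region."""
    spi_seq = struct.pack("!II", 0x100, 1)     # constructed SPI and sequence number
    return icv(spi_seq + payload)

def verify_ah(received_hdr, payload, carried_icv):
    return hmac.compare_digest(ah_icv(received_hdr, payload), carried_icv)

def verify_esp(received_hdr, payload, carried_icv):
    # received_hdr is deliberately unused: ESP cannot bind the header to the payload.
    return hmac.compare_digest(esp_icv(payload), carried_icv)

def demo():
    """Sender computes ICVs; an on-path rewrite of the source address is then checked."""
    src, dst, payload = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), b"constructed payload"
    sent = ipv4_header(src, dst, 51)
    ah, esp = ah_icv(sent, payload), esp_icv(payload)
    rewritten = ipv4_header(bytes([192, 168, 1, 1]), dst, 51)   # source address altered
    ttl_decremented = ipv4_header(src, dst, 51, ttl=63)         # normal router behaviour
    return {
        "ah_after_src_rewrite": verify_ah(rewritten, payload, ah),      # False: detected
        "esp_after_src_rewrite": verify_esp(rewritten, payload, esp),   # True: not covered
        "ah_after_ttl_decrement": verify_ah(ttl_decremented, payload, ah),  # True: mutable
    }
```

The TTL case shows why AH zeroes mutable fields: hop-by-hop changes pass, while a rewritten address fails only under AH.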