
Re: Authentication using ESP in Transport Mode

>  >Gee, I hope not.  ESP directly inside ESP is bogus.   
>  > 
>  >Ran 

>  Hummm ... no, ESP inside ESP should be a fairly common case when two 
>  workstations with ESP communicate through two encrypting firewalls using ESP.  
>  I assume that you were thinking of ESP inside ESP with no intermediate 
>  encrypting systems as a bogus example... 

ESP followed by ESP is non-bogus wrt the architecture and ESP docs.
I've always thought this was deliberate and a good idea because it allowed
ESP to be used to define orthogonal services.  And while double encryption
might be inefficient (as in the firewall case), surely no one would want to 
prohibit it (firewall would discard outgoing ESP packets?!).