[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Proposed changes to ESP (andf a little AH too)
I'm all in favour of doing the encryption first and the authentication after,
so that on receipt we can authenticate before we receive, but wasn't there
some cryptographic argument against that sort of thing? Or was it decided back
when we only had the RFC 182* transforms that in the case of cascaded
transforms, we should encapsulate first with AH-MD5 and then with DES-ESP, and
that carried over into the combined ESP transform? Or could it even be a
carry-over back from the swIPe days (which also encrypted the authenticated
packet)?
/ji
Follow-Ups:
References: