
RE: notes from developer's portion of IETF meeting



> Optional integrity for ESP?  No.?  yes...?   I'd say no.

Considering a VPN scenario using tunnel-mode ESP, mandatory
integrity for ESP wouldn't gain much more security, iff all
tunneled IP packets are already required to use AH by the 
site's policy. It should be possible to save the additional 
overhead of applying integrity mechanisms twice (i.e. AH and ESP)
on the same data.

Greetings,
        Uwe Ellermann

-- 
Uwe Ellermann,  Ellermann@fwl.dfn.de,  Tel.:+49-40-5494-2262, Fax: -2241
DFN-FWL, University of Hamburg,  Vogt-Koelln-Strasse 30, D-22527 Hamburg
PGP-key available via http://www.cert.dfn.de/~ue/pgp.html  or  Keyserver



