[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Internet Draft -- IPsec Architecture

To: Karen Seo <kseo@bbn.com>
Subject: Re: Internet Draft -- IPsec Architecture
From: Robert Moskowitz <rgm3@chrysler.com>
Date: Tue, 05 Aug 1997 12:21:58 -0400
Cc: ipsec@tis.com, tytso@MIT.EDU, skent@bbn.com
In-Reply-To: <199707311309.JAA22086@portal.ex.tis.com>
Reply-To: rgm3@chrysler.com
Sender: owner-ipsec@ex.tis.com

3rd paragraph in 4.1:

   As noted above, two types of SAs are defined: transport mode and
   tunnel mode.  A transport mode SA is a security association between
   two hosts.  The security protocol header appears immediately after
   the IP header (and any options or extensions), and before any higher
   layer protocols (e.g., TCP or UDP).  In the case of ESP, a tunnel

                                                              ^^^^^^
Isn't this transport?

   mode SA provides security services only for these higher layer
   protocols, not for the IP header.  In the case of AH, the protection
   is also extended to selected portions of the IP header (and options).
   For more details on the coverage afforded by AH, see the AH
   specification [KA97b].



Robert Moskowitz
Chrysler Corporation
(810) 758-8212

Follow-Ups:

Re: Internet Draft -- IPsec Architecture

From: Stephen Kent <kent@bbn.com>

Prev by Date: Re[2]: ISAKMP performance numbers
Next by Date: Re[2]: ISAKMP performance numbers
Prev by thread: Re[2]: ISAKMP performance numbers
Next by thread: Re: Internet Draft -- IPsec Architecture
Index(es):
- Main
- Thread