Re: order/nesting of IPsec headers (transport mode)



Folks,

Thank you for the feedback so far.  Some clarification....

As stated in my initial message, we were originally wondering about what
kinds of nesting were relevant for *transport* mode.  Because only hosts
do transport mode, this meant that any application of IPsec headers is
done by the end systems, not by successive security gateways, etc.  So
what we really wanted was your input on the relevance of support for
complex nestings of IPsec headers as applied by a *single box*, not
successive boxes.  In line with this, if the IPsec headers are being
applied by a single box, then there won't be an IP header with each
IPsec header -- I really did mean the cases 4-8 as typed but didn't show
the original IP header.

NOTE: This question came up with the host/transport case but as pointed
out by Charlie Lynn applies to nested tunnel headers too if they're
applied by a *single box*.  

Thanks again,
Karen