RE: Re[2]: IPSEC document reading party!
What John was trying to say, I think, is that tunneled ESP without
encryption and _integrity_ would be better served by just using
IP-in-IP.
>-----Original Message-----
>From: svakil@usr.com [SMTP:svakil@usr.com]
>Sent: Saturday, December 13, 1997 1:49 PM
>To: gordo@telsur.cl; tytso@MIT.EDU; John Ioannidis
>Cc: ipsec@tis.com
>Subject: Re[2]: IPSEC document reading party!
>
> ESP tunneling without encryption cannot be substituted with IP-in-IP
> tunneling. It provides authentication and integrity services to the
> encapsulated packet. Note that this is different from AH which will
> cover the outer IP headers and options also.
>
>
> Sumit A. Vakil
> 3Com, Corp.
>
>
>______________________________ Reply Separator _________________________________
>Subject: Re: IPSEC document reading party!
>Author: John Ioannidis <ji@research.att.com> at Internet
>Date: 12/13/97 10:44 AM
>
>
>> - in the DOI document there is a reference to using ESP with a NULL
>
>He's right. If a policy calls for tunneling, the mechanisms should be
>IP-in-IP encapsulation, plain and simple. In other words, it's not that
>ESP should be used with no encryption; it's that ESP should not be used at
>all!
>
>/ji << File: RFC822 message headers.txt >>
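Added example, not part of the original thread: a small Python model of the coverage difference raised above, where the ESP integrity check protects the encapsulated packet only, AH also protects the outer IP header (mutable fields excepted), and plain IP-in-IP carries no check at all. HMAC-SHA1-96 as the integrity algorithm, the key, the addresses, the SPIs and every helper name are assumptions constructed for the illustration.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"                  # constructed sample key
ICV_LEN = 12                                   # HMAC-SHA1 truncated to 96 bits
A, B, C = [192, 0, 2, 1], [192, 0, 2, 2], [198, 51, 100, 9]   # constructed addresses

def ipv4(src, dst, proto, body, ttl=64):
    # Minimal 20-byte IPv4 header; checksum left 0 because the demo never routes it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst)) + body

INNER = ipv4([10, 0, 0, 1], [10, 0, 0, 2], 17, b"constructed payload")
IPIP = ipv4(A, B, 4, INNER)                    # IP-in-IP: nothing to verify on receipt

def icv(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]

def esp_null(src, dst, inner, spi=0x1001, seq=1):
    # NULL encryption: payload in clear; ICV covers SPI..Next Header, not the outer header.
    pad = bytes(range(1, (-(len(inner) + 2)) % 4 + 1))
    esp = struct.pack("!II", spi, seq) + inner + pad + bytes([len(pad), 4])
    return ipv4(src, dst, 50, esp + icv(esp))

def esp_ok(pkt):
    return hmac.compare_digest(icv(pkt[20:-ICV_LEN]), pkt[-ICV_LEN:])

def ah_input(pkt):
    # AH ICV input: outer header with mutable fields (TOS, flags/offset, TTL,
    # checksum) zeroed, the AH header with its ICV field zeroed, then the payload.
    hdr = bytearray(pkt[:20])
    hdr[1] = 0; hdr[6:8] = b"\0\0"; hdr[8] = 0; hdr[10:12] = b"\0\0"
    return bytes(hdr) + pkt[20:32] + bytes(ICV_LEN) + pkt[44:]

def ah_tunnel(src, dst, inner, spi=0x2001, seq=1):
    ah = struct.pack("!BBHII", 4, 4, 0, spi, seq) + bytes(ICV_LEN)
    pkt = ipv4(src, dst, 51, ah + inner)
    return pkt[:32] + icv(ah_input(pkt)) + pkt[44:]

def ah_ok(pkt):
    return hmac.compare_digest(icv(ah_input(pkt)), pkt[32:44])

def rewrite_outer_src(pkt, new_src):           # models a change to the outer header in transit
    return pkt[:12] + bytes(new_src) + pkt[16:]

def flip(pkt, i):                              # models a one-bit change at byte offset i
    return pkt[:i] + bytes([pkt[i] ^ 1]) + pkt[i + 1:]

if __name__ == "__main__":
    esp, ah = esp_null(A, B, INNER), ah_tunnel(A, B, INNER)
    print("ESP-NULL, outer src rewritten:", esp_ok(rewrite_outer_src(esp, C)))
    print("AH,       outer src rewritten:", ah_ok(rewrite_outer_src(ah, C)))
```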