
RE: Re[2]: IPSEC document reading party!



What John was trying to say, I think, is that tunneled ESP without
encryption and _integrity_ would be better served by just using
IP-in-IP.

>-----Original Message-----
>From:	svakil@usr.com [SMTP:svakil@usr.com]
>Sent:	Saturday, December 13, 1997 1:49 PM
>To:	gordo@telsur.cl; tytso@MIT.EDU; John Ioannidis
>Cc:	ipsec@tis.com
>Subject:	Re[2]: IPSEC document reading party!
>
>     ESP tunneling without encryption cannot be substituted with IP-in-IP 
>     tunneling.  It provides authentication and integrity services to the 
>     encapsulated packet.  Note that this is different from AH which will 
>     cover the outer IP headers and options also.
>     
>     
>     Sumit A. Vakil
>     3Com, Corp.
>
>
>______________________________ Reply Separator _________________________________
>Subject: Re: IPSEC document reading party!
>Author:  John Ioannidis <ji@research.att.com> at Internet
>Date:    12/13/97 10:44 AM
>
>
>>         - in the DOI document there is a reference to using ESP with a NULL
>     
>He's right. If a policy calls for tunneling, the mechanisms should be 
>IP-in-IP encapsulation, plain and simple. In other words, it's not that
>ESP should be used with no encryption; it's that ESP should not be used at
>all!
>     
>/ji
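
The distinction argued in the thread above, as an added example that is not part of the original messages: a tunnel endpoint accepting ESP with NULL encryption rejects a modified inner packet, while plain IP-in-IP accepts it, and neither covers the outer header (which the quoted message says AH would). HMAC-SHA-1-96 as the authenticator, the function names, and all packet bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12        # assumed authenticator: HMAC-SHA-1 truncated to 96 bits
NEXT_HDR_IPV4 = 4   # next-header value for an encapsulated IPv4 packet

def _icv(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def esp_null_wrap(key, spi, seq, inner):
    """Build an ESP payload with NULL encryption: inner packet stays cleartext."""
    pad_len = -(len(inner) + 2) % 4            # align the trailer to 4 bytes
    padding = bytes(range(1, pad_len + 1))     # default padding 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + inner + padding
            + bytes([pad_len, NEXT_HDR_IPV4]))
    return body + _icv(key, body)              # ICV covers SPI through next header

def esp_null_unwrap(key, esp):
    """Return the inner packet, or None if the ICV or trailer is invalid."""
    if len(esp) < 8 + 2 + ICV_LEN:
        return None
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(key, body)):
        return None
    pad_len, next_hdr = body[-2], body[-1]
    if next_hdr != NEXT_HDR_IPV4 or pad_len > len(body) - 10:
        return None
    return body[8:len(body) - 2 - pad_len]

def receive(outer_hdr_len, packet, key=None):
    """Tunnel endpoint: strip the outer header; verify only when an ESP key is given."""
    payload = packet[outer_hdr_len:]
    return esp_null_unwrap(key, payload) if key else payload

def flip(packet, offset):
    """Model an in-transit modification of a single byte."""
    return packet[:offset] + bytes([packet[offset] ^ 0xFF]) + packet[offset + 1:]

# Constructed sample data (not real traffic).
KEY = b"constructed-demo-key"
OUTER = bytes(20)                                # stand-in 20-byte outer IPv4 header
INNER = b"\x45" + bytes(19) + b"inner payload"   # stand-in inner packet
ESP_PKT = OUTER + esp_null_wrap(KEY, 0x1001, 1, INNER)
IPIP_PKT = OUTER + INNER
```
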

