
Re: some issues about IPSec



Engineering wrote:
> 
> What I'm really looking for here is an answer regarding exactly what the
> benefit of transport mode is? Perhaps a user of the transport mode could
> comment on this for clarification.
> 
> Thanks,
> Jeffrey Goodwin

One benefit is that it provides the end-user with the capability to
negotiate security association attributes on its own behalf. Perhaps the
end-user desires stronger security than the sgw configuration would
permit. Perhaps the sgw services so many end-users that the granularity
of its SPD is not sufficient to provide for the varied needs of its
clients.

Perhaps a stronger argument exists in terms of overhead concerns. If the
end-user provides its own security service, that's one less
(encapsulating) IP header on the packet. Further, it relieves (in the
short term) concerns of bottlenecks at sgws which may not have the
processing power and memory to provide the granularity necessary to
provide for every client's needs at wireline speeds.

