
Re: some issues about IPSec



Rob Adams wrote:

> .....And even if that was a common implementation, I'm not sure how
> a bump in the stack implementation would benefit greatly by only doing
> tunnel... Can you explain this?

Rob, the transport mode requires encryption before fragmentation - in a BITS
implementation it translates into creating another IP protocol below the TCP/IP
protocol for re-assembling fragmented packets, encrypting the resulting datagram and
fragmenting it again.

In the tunnel mode - you can encrypt each fragment separately without re-assembling
them into a datagram.

Also, the BITS implementation will be very common on the Windows platform until
Microsoft implements IPsec in their stack.

Slava Kavsan
IRE
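
The difference described in the message above, modelled as an added example that is not part of the original post: a bump-in-the-stack shim sees packets that are already fragmented, so transport mode forces it to buffer and reassemble before protecting, while tunnel mode treats each fragment as a complete inner packet. The `protect` function is a placeholder that only models ESP size growth (assumed 8-byte header and 12-byte ICV, no IV or padding); all names and sample data are constructed for illustration.

```python
from dataclasses import dataclass

IP_HDR = 20  # IPv4 header without options

@dataclass
class Frag:
    ident: int      # IP identification field
    offset: int     # byte offset of this fragment's payload in the datagram
    more: bool      # MF (more fragments) flag
    payload: bytes

def protect(data: bytes) -> bytes:
    """Stand-in for the ESP transform: no real crypto, only models size growth."""
    return b"E" * 8 + data + b"I" * 12

def fragment(ident, payload, mtu):
    """Split an IP payload into fragments fitting mtu (offsets in 8-byte units)."""
    step = (mtu - IP_HDR) // 8 * 8
    return [Frag(ident, o, o + step < len(payload), payload[o:o + step])
            for o in range(0, len(payload), step)]

def reassemble(frags):
    """Return the full payload, or None while fragments are still missing."""
    frags = sorted(frags, key=lambda f: f.offset)
    if not frags or frags[-1].more:
        return None
    buf = b""
    for f in frags:
        if f.offset != len(buf):
            return None
        buf += f.payload
    return buf

def bits_transport(frags, mtu):
    """Transport mode: hold fragments, reassemble, protect once, re-fragment."""
    whole = reassemble(frags)
    if whole is None:
        return None  # the shim must keep buffering (per-datagram state)
    return fragment(frags[0].ident, protect(whole), mtu)

def bits_tunnel(frag):
    """Tunnel mode: each fragment is a whole inner IP packet, protected alone."""
    inner = b"H" * IP_HDR + frag.payload   # placeholder inner IP header
    return b"O" * IP_HDR + protect(inner)  # placeholder outer header + ESP

# Constructed sample: a 3000-byte IP payload fragmented for a 1500-byte MTU.
SAMPLE = fragment(0x1234, bytes(3000), 1500)
```

With the sample data, `bits_tunnel(SAMPLE[0])` is 1540 bytes long, so in this model the outer tunnel packet can itself exceed a 1500-byte MTU and need fragmenting after protection.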




