[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: some issues about IPSec
Rob Adams wrote:
> .....And even if that was a common implementation, I'm not sure how
> a bump in the stack implementation would benefit greatly by only doing
> tunnel... Can you explain this?
Rob, the transport mode requires encryption before fragmentation - in BITS
implementation it translates into creating another IP protocol below TCP/IP
protocol for re-assembling fragmented packets, encrypting resulting datagram and
fragmenting it again.
In the tunnel mode - you can encrypt each fragment separately without re-assembling
them into a datagram.
Also, the BITS implementation will be very common on Windows platform till
Microsoft will implement IPsec in their stack
Slava Kavsan
IRE
References: