[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC WORKING GROUP LAST CALL

To: "Patel, Baiju V" <baiju.v.patel@intel.com>
Subject: Re: IPSEC WORKING GROUP LAST CALL
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Date: Wed, 25 Feb 1998 12:30:41 -0500
Address: 1 Amherst St., Cambridge, MA 02139
Cc: "'ipsec'" <ipsec@tis.com>
In-Reply-To: Patel, Baiju V's message of Tue, 24 Feb 1998 16:01:16 -0800,<A1B6CB375930D11188D100A0C95A36BD01147786@FMSMSX31>
Phone: (617) 253-8091
Sender: owner-ipsec@ex.tis.com

   From: "Patel, Baiju V" <baiju.v.patel@intel.com>
   Date: Tue, 24 Feb 1998 16:01:16 -0800

   I have a concern with AH+ESP in transport mode. 
   Based on the requirements of ESP, ESP must negotiate
   an integrity check mechanism. The MD5-HMAC or SHA-1 HMAC
   MUST be supported for ESP. Similarly, the same integrity
   algorithms are used by AH. 

   Therefore, it looks like I have to compute authentication data
   twice using possibly same algorithm over mostly same data.
   Something tells me that in this combination, I should be able
   to negotiate NULL authentication algorithm for ESP.

Why do you want to use both AH and ESP in transport mode in the first
place?  What's the desired functionality and application that you're
trying to accomplish?

						- Ted

References:

RE: IPSEC WORKING GROUP LAST CALL

From: "Patel, Baiju V" <baiju.v.patel@intel.com>

Prev by Date: I-D ACTION:draft-ietf-ipsec-isakmp-mode-cfg-02.txt
Next by Date: Re: Certificate Requesting
Prev by thread: RE: IPSEC WORKING GROUP LAST CALL
Next by thread: RE: IPSEC WORKING GROUP LAST CALL
Index(es):
- Main
- Thread