[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC WORKING GROUP LAST CALL
From: "Patel, Baiju V" <baiju.v.patel@intel.com>
Date: Tue, 24 Feb 1998 16:01:16 -0800
I have a concern with AH+ESP in transport mode.
Based on the requirements of ESP, ESP must negotiate
an integrity check mechanism. The MD5-HMAC or SHA-1 HMAC
MUST be supported for ESP. Similarly, the same integrity
algorithms are used by AH.
Therefore, it looks like I have to compute authentication data
twice using possibly same algorithm over mostly same data.
Something tells me that in this combination, I should be able
to negotiate NULL authentication algorithm for ESP.
Why do you want to use both AH and ESP in transport mode in the first
place? What's the desired functionality and application that you're
trying to accomplish?
- Ted
References: