[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LAN-to-LAN IPSEC tunnels over the Internet

To: Stephen Waters <Stephen.Waters@digital.com>
Subject: Re: LAN-to-LAN IPSEC tunnels over the Internet
From: Stephen Kent <kent@bbn.com>
Date: Sat, 28 Feb 1998 11:53:22 -0500 (EST)
Cc: ipsec@tis.com
In-Reply-To: <250F9C8DEB9ED011A14D08002BE4F64C011D5A8A@wade.reo.dec.com>
Sender: owner-ipsec@ex.tis.com

Steve,

>I know that the recommendation is for 'block-mode' encryption so that
>major-damage is not done to the data-stream when the odd packet goes
>missing. But, for LAN-to-LAN,  certain QOS is required anyway (and the
>carriers and ISPs seem to be working towards offering better services
>for LAN-to-LAN - i.e. less packet loss and no reordering), so, is there
>a way of using IPSEC encryption in cipher-stream mode when the service
>is good enough - I hear this makes the cipher harder to crack.

Stream ciphers can be used with IPSEC. I would expect to carry crypto synch
data as part of the payload, to allow for resynch in the event of packet
loss.  The comment re making the cipher "harder to crack" does not seem
well founded.

Steve

References:

LAN-to-LAN IPSEC tunnels over the Internet

From: Stephen Waters <Stephen.Waters@digital.com>

Prev by Date: RE: IPSEC WORKING GROUP LAST CALL
Prev by thread: LAN-to-LAN IPSEC tunnels over the Internet
Next by thread: IPSec Conference Loaner Hardware
Index(es):
- Main
- Thread