[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IBM VPN Bakeoff Issues

To: Roy Pereira <rpereira@TimeStep.com>, "IPSEC Mailing List (E-mail)" <ipsec@tis.com>
Subject: Re: IBM VPN Bakeoff Issues
From: Avram Shacham <shacham@cisco.com>
Date: Wed, 04 Nov 1998 22:32:48 -0800
Sender: owner-ipsec@ex.tis.com

At 11:58 AM 11/4/98 -0500, Roy Pereira wrote: 

>9. Should the order of protocols dictate the order of security association or
should >AH, ESP, IPComp always be processed in a certain order?  Most vendors
agreed >with the latter.

Risking repeating the obvious, the order is dictated by the reality that
compression must precede encryption, as stated in the IPComp draft:

                               Encrypting the IP datagram causes the data
   to be random in nature, rendering compression at lower protocol
   layers (e.g., PPP Compression Control Protocol [RFC-1962])
   ineffective.  If both compression and encryption are required,
   compression MUST be applied before encryption.

avram

Prev by Date: Re: Selection of proposals
Next by Date: IPSEC Agenda request
Prev by thread: Re: IBM VPN Bakeoff Issues
Next by thread: RE: IBM VPN Bakeoff Issues
Index(es):
- Main
- Thread