[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IBM VPN Bakeoff Issues
At 11:58 AM 11/4/98 -0500, Roy Pereira wrote:
>9. Should the order of protocols dictate the order of security association or
should >AH, ESP, IPComp always be processed in a certain order? Most vendors
agreed >with the latter.
Risking repeating the obvious, the order is dictated by the reality that
compression must precede encryption, as stated in the IPComp draft:
Encrypting the IP datagram causes the data
to be random in nature, rendering compression at lower protocol
layers (e.g., PPP Compression Control Protocol [RFC-1962])
ineffective. If both compression and encryption are required,
compression MUST be applied before encryption.
avram