
RE: IBM VPN Bakeoff Issues




...and since ESP gets involved in adding a trailer, it must go before AH since
AH wants to know (authenticate) the final packet length.



-----Original Message-----
From: Avram Shacham [mailto:shacham@cisco.com]
Sent: Thursday, November 05, 1998 6:33 AM
To: Roy Pereira; IPSEC Mailing List (E-mail)
Subject: Re: IBM VPN Bakeoff Issues


At 11:58 AM 11/4/98 -0500, Roy Pereira wrote: 

>9. Should the order of protocols dictate the order of security association or should
>AH, ESP, IPComp always be processed in a certain order?  Most vendors agreed
>with the latter.

Risking repeating the obvious, the order is dictated by the reality that
compression must precede encryption, as stated in the IPComp draft:

                               Encrypting the IP datagram causes the data
   to be random in nature, rendering compression at lower protocol
   layers (e.g., PPP Compression Control Protocol [RFC-1962])
   ineffective.  If both compression and encryption are required,
   compression MUST be applied before encryption.

avram
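
The ordering argued in this thread (compress, then ESP, then AH over the final packet), as an added Python example that is not part of the original messages. The function names, keys and sample payload are constructed for illustration; zlib stands in for an IPComp compression algorithm and a SHA-256 counter-mode keystream stands in for the ESP cipher.

```python
import hashlib
import hmac
import zlib

# Constructed sample payload: repetitive text, as much real traffic is.
SAMPLE = b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n" * 20

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode), NOT a real ESP transform."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)

def esp_like(key: bytes, payload: bytes, next_header: int, block: int = 8) -> bytes:
    """Append an ESP-style trailer (padding, pad length, next header), then encrypt."""
    pad_len = (-(len(payload) + 2)) % block
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    return keystream_xor(key, payload + trailer)

def ah_like_icv(key: bytes, packet: bytes) -> bytes:
    """AH-style integrity value: HMAC-SHA1 truncated to 96 bits over the final packet."""
    return hmac.new(key, packet, hashlib.sha1).digest()[:12]

def unwrap(key: bytes, packet: bytes) -> bytes:
    """Receiver side in reverse order: decrypt, strip the trailer, decompress."""
    plain = keystream_xor(key, packet)
    pad_len = plain[-2]
    return zlib.decompress(plain[:-2 - pad_len])

def compare_orders(payload: bytes, enc_key: bytes = b"k-enc", auth_key: bytes = b"k-auth") -> dict:
    # Order from the thread: compress first, ESP next (108 = IPComp), AH last.
    packet = esp_like(enc_key, zlib.compress(payload), next_header=108)
    # Reversed order: the ciphertext looks random, so compression only adds overhead.
    reversed_order = zlib.compress(esp_like(enc_key, payload, next_header=4))
    return {
        "plain": len(payload),
        "compress_then_encrypt": len(packet),
        "encrypt_then_compress": len(reversed_order),
        "packet": packet,
        "icv": ah_like_icv(auth_key, packet),  # covers the ESP trailer too
    }

if __name__ == "__main__":
    result = compare_orders(SAMPLE)
    for name in ("plain", "compress_then_encrypt", "encrypt_then_compress"):
        print(f"{name}: {result[name]} bytes")
```
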