Re: transform tunnel/transport attributes

[Anupama Potluri <anupama@trinc.com>]

On Mon, 9 Nov 1998, Michael C. Richardson wrote:

>   The only thing missing is whether the proposals that are in the same
> mode are to be applied inside-out, or outside-in:
> 
>  "For ANDed proposals, the 'mode' MUST be the same, and the protocol headers
> applied MUST be applied adjacent to each other. The first proposal describes
> the inner-most (first on encryption/authentication/compression, last on
> decryption/checking/decompression) transform to be applied, with the last
> proposal describing the outer most transform. If multiple proposals are
> required to protect a packet, and they are to be applied in different modes,
> this is achieved by using multiple Phase-2 negotiations, the
> applicability/order of them to be determined the selectors used."

What is the order currently implemented by most implementations? If you
see the second example in the ISAKMP draft on pages 49-50, the first
protocol is AH and the second ESP. This seemed to indicate that the order
of the protocols is outer to inner rather than inner to outer, since the
supported combination is AH ESP. It seems more intuitive to interpret the
order in the way it appears in a processed packet - outer to inner.

Anupama

---

Follow-Ups:

• Re: transform tunnel/transport attributes
• From: Daniel Harkins <dharkins@cisco.com>

References:

• Re: transform tunnel/transport attributes
• From: "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>

---

• Prev by Date: IKE Quick Mode
• Next by Date: Re: Selection of proposals (fwd)
• Prev by thread: Re: transform tunnel/transport attributes
• Next by thread: Re: transform tunnel/transport attributes
• Index(es):
  • Main
  • Thread