[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: transport-friendly ESP




Steve Bellovin <smb@research.att.com> writes:
> Oh, it can and does exist, and it's useful in some contexts.  But
> it's then called link encryption, not network layer encryption,
> and it has very different security properties.

Encrypting the link is a very different thing. One usually doesn't
even bother with doing things per packet -- you literally just encrypt 
the leased line. I'll agree that this isn't pointless -- my point was
that the vision of all the routers in the world doing hop-by-hop IPSec 
was pointless.

Perry


References: