Re: transport-friendly ESP
Steve Bellovin <smb@research.att.com> writes:
> Oh, it can and does exist, and it's useful in some contexts. But
> it's then called link encryption, not network layer encryption,
> and it has very different security properties.
Encrypting the link is a very different thing. One usually doesn't
even bother with doing things per packet -- you literally just encrypt
the leased line. I'll agree that this isn't pointless -- my point was
that the vision of all the routers in the world doing hop-by-hop IPSec
was pointless.
Perry