
RE: Deprecation of AH header from the IPSEC tool kit



On Thu, 15 Jun 2000, Waters, Stephen wrote:
> I can see the ESP authentication is fine when tunnel mode is in use - but
> for peer to peer routing protocols, transport mode seems more appropriate
> and the security of IP header and options could then be a requirement.

If security of IP header and options is a requirement, then tunnel mode
might be the better solution, despite the superficial attractiveness of
transport mode.  Retaining AH because transport mode needs it is rather
weak, unless there are strong reasons why tunnel mode is not acceptable as
an alternative. 

                                                          Henry Spencer
                                                       henry@spsystems.net
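The coverage difference under discussion, as an added example that is not part of the original thread: ESP's integrity check runs from the SPI to the Next Header field, so in transport mode the IP header and options sit outside it, while in tunnel mode the original header and options travel inside it. Assumptions: NULL encryption, HMAC-SHA1-96, and a constructed key, addresses, payload and Router Alert option.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"           # constructed value
ESP, IPIP, OSPF = 50, 4, 89             # IP protocol numbers
ROUTER_ALERT = b"\x94\x04\x00\x00"      # sample IPv4 option (RFC 2113)

def ipv4_header(src, dst, proto, body_len, options=b""):
    """Minimal IPv4 header; checksum left at 0, it plays no part here."""
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + body_len,
                       0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + options

def esp_wrap(payload, next_header, spi=0x1000, seq=1):
    """ESP with NULL encryption; the ICV covers SPI through Next Header."""
    pad_len = -(len(payload) + 2) % 4
    body = (struct.pack("!II", spi, seq) + payload +
            bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header]))
    return body + hmac.new(KEY, body, hashlib.sha1).digest()[:12]

def icv_ok(packet):
    """Receiver side: skip the outer IP header, then check the ESP ICV."""
    ihl = (packet[0] & 0x0F) * 4
    body, icv = packet[ihl:-12], packet[-12:]
    return hmac.compare_digest(icv, hmac.new(KEY, body, hashlib.sha1).digest()[:12])

def transport_packet(src, dst, upper):
    esp = esp_wrap(upper, OSPF)          # only the upper-layer data is wrapped
    return ipv4_header(src, dst, ESP, len(esp), ROUTER_ALERT) + esp

def tunnel_packet(src, dst, upper):
    inner = ipv4_header(src, dst, OSPF, len(upper), ROUTER_ALERT) + upper
    esp = esp_wrap(inner, IPIP)          # the whole original packet is wrapped
    return ipv4_header(src, dst, ESP, len(esp)) + esp

def flip(packet, offset):
    return packet[:offset] + bytes([packet[offset] ^ 0xFF]) + packet[offset + 1:]

def option_tamper_detected(packet, option_offset):
    """Alter the option's value byte in transit and see whether the ICV fails."""
    return not icv_ok(flip(packet, option_offset + 2))

if __name__ == "__main__":
    upper = b"constructed routing hello"
    t = transport_packet("192.0.2.1", "192.0.2.2", upper)
    u = tunnel_packet("192.0.2.1", "192.0.2.2", upper)
    print("transport:", option_tamper_detected(t, 20))   # option in outer header
    print("tunnel:   ", option_tamper_detected(u, 48))   # option in inner header
```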


