
Does ESP do Data Origin Authentication ...



Hi,

   I am a newbie to the whole concept of IP-Sec, so please excuse me if my 
question is naive.

   In RFC2401, Sec 3.2, ESP is defined as a protocol that, in addition to other 
things, can provide data origin authentication. In RFC2406, in Sec 3.1, I 
find that ESP can authenticate everything in the packet except the IP 
header. However, in tunnel mode, since the packet is tunneled, ESP can 
authenticate the original IP header but not the new IP header.

    So, when we say that ESP provides data origin authentication, the 
statement is applicable only for tunnel mode and not for transport mode.

    Is my understanding of this concept correct or did I miss something?

Thanks,
-Dinesh
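
Added example, not part of the original post: a Python sketch of which bytes the ESP ICV covers in transport and tunnel mode, checked by altering one byte outside and one byte inside the covered region. Assumptions: NULL encryption, HMAC-SHA-1-96 as the integrity algorithm, 20-byte IPv4 headers without options, and a constructed key, SPI, addresses and payload.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed integrity key shared by both SA ends


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left 0; it plays no part here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def icv(covered):
    return hmac.new(KEY, covered, hashlib.sha1).digest()[:12]  # HMAC-SHA-1-96


def esp_wrap(payload, next_header, spi=0x1000, seq=1):
    """ESP, NULL encryption: SPI | seq | payload | padding | pad len | next hdr | ICV."""
    pad_len = -(len(payload) + 2) % 4          # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    covered = struct.pack("!II", spi, seq) + payload + trailer
    return covered + icv(covered)


def build(mode, data):
    """Constructed packet: hosts 10.0.0.1 -> 10.0.0.2, gateways 192.0.2.1 -> 192.0.2.2."""
    if mode == "transport":
        esp = esp_wrap(data, 17)                           # next header: UDP
        return ipv4_header("10.0.0.1", "10.0.0.2", 50, len(esp)) + esp
    inner = ipv4_header("10.0.0.1", "10.0.0.2", 17, len(data)) + data
    esp = esp_wrap(inner, 4)                               # next header: IPv4
    return ipv4_header("192.0.2.1", "192.0.2.2", 50, len(esp)) + esp


def verify(packet):
    """Receiver check: the ICV input starts after the IP header that precedes ESP."""
    esp = packet[20:]
    return hmac.compare_digest(icv(esp[:-12]), esp[-12:])


def flip(packet, offset):
    return packet[:offset] + bytes([packet[offset] ^ 0xFF]) + packet[offset + 1:]


if __name__ == "__main__":
    for mode, inside in (("transport", 28), ("tunnel", 40)):
        pkt = build(mode, b"constructed UDP datagram")
        print(mode, verify(pkt), verify(flip(pkt, 12)), verify(flip(pkt, inside)))
```

Offset 12 is the source address in the IP header that precedes ESP; offset 28 is the first payload byte in transport mode, and offset 40 is the source address of the inner IP header in tunnel mode.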



