Re: RFC 2401 section 5.2.1
On Fri, 24 Nov 2000, Francis Dupont wrote:
> => VPN is not the only usage of IPsec and transport mode is better for
> end-to-end security.
How is it "better"? Aside from slightly reducing the byte count on the
wire, I mean?
We use tunnel mode for end-to-end security quite routinely. In fact, it
seems to us that tunnel mode actually gives slightly higher security,
because it obscures whether the communication really *is* end-to-end or is
being done on behalf of other hosts.
> PS: there are many votes about AH in the past, AH is still alive...
So far, yes.
> ...and needed by many IPv6 protocols (cf Itojun's mail).
That is exactly the question: *should* those protocols be relying on the
quirks of AH? It would be better if they could also work with ESP.
Henry Spencer
henry@spsystems.net