Re: RFC 2401 section 5.2.1
On Fri, 24 Nov 2000 12:34:48 EST you wrote
>
> We use tunnel mode for end-to-end security quite routinely. In fact, it
> seems to us that tunnel mode actually gives slightly higher security,
> because it obscures whether the communication really *is* end-to-end or is
> being done on behalf of other hosts.
Obscured from whom? Don't transport mode and tunnel mode packets look
identical to a passive eavesdropper since the Next Header field is encrypted?
(Assuming you're not doing AH, or NULL ESP, which from your previous
statements seems plausible).
Dan.