
Re: RFC 2401 section 5.2.1



On Sun, 26 Nov 2000, Dan Harkins wrote:
> > seems to us that tunnel mode actually gives slightly higher security,
> > because it obscures whether the communication really *is* end-to-end...
> 
> Obscured from whom? Don't transport mode and tunnel mode packets look
> identical to a passive eavesdropper since the Next Header field is encrypted?

Unless the senders are doing clever things with padding etc., on most
links he can quickly tell whether tunneling is being done by inspecting
the low end of the packet-length distribution. 

                                                          Henry Spencer
                                                       henry@spsystems.net
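
The packet-length observation above, worked through as an added example that is not part of the original message: it computes the smallest ESP packet each mode produces and how much padding a transport-mode sender would need to remove the difference. The cipher parameters (8-byte block and IV, 12-byte ICV), IPv4 without options, TCP-only traffic and the sample segment sizes are assumptions chosen for illustration.

```python
# Added example. Assumptions (not from the message): IPv4 without options,
# ESP with an 8-byte cipher block and IV (e.g. 3DES-CBC), 12-byte ICV
# (HMAC-96), minimal padding, and TCP-only traffic inside the SA.
IP_HDR = 20       # IPv4 header, no options
TCP_HDR = 20      # bare TCP header: the smallest segment, a pure ACK
ESP_HDR = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1)

def esp_packet_len(segment_len, tunnel, block=8, iv=8, icv=12):
    """On-the-wire IPv4 length of an ESP packet carrying one TCP segment."""
    # Tunnel mode encrypts the whole inner datagram, so add the inner IP header.
    protected = segment_len + (IP_HDR if tunnel else 0)
    # Payload plus ESP trailer is rounded up to the cipher block size.
    padded = -(-(protected + ESP_TRAILER) // block) * block
    return IP_HDR + ESP_HDR + iv + padded + icv

def classify(observed_lens):
    """What the low end of the length distribution shows an observer."""
    tunnel_floor = esp_packet_len(TCP_HDR, tunnel=True)
    if min(observed_lens) < tunnel_floor:
        return "transport"
    return "tunnel or padded"

def extra_padding_needed():
    """Bytes a transport-mode sender must add so its floor matches tunnel mode."""
    return esp_packet_len(TCP_HDR, True) - esp_packet_len(TCP_HDR, False)

# Constructed sample: TCP segment sizes (header + data) carried on one SA.
SEGMENTS = [20, 32, 532, 1420]

if __name__ == "__main__":
    for mode in (False, True):
        lens = [esp_packet_len(n, mode) for n in SEGMENTS]
        print("tunnel" if mode else "transport", lens, "->", classify(lens))
    print("padding to hide transport mode:", extra_padding_needed(), "bytes")
```
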


