[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Death to AH (was Re: SA identification)

To: Sandy Harris <sandy@storm.ca>
Subject: Re: Death to AH (was Re: SA identification)
From: Jason R Thorpe <thorpej@zembu.com>
Date: Fri, 23 Mar 2001 21:32:12 -0600
Cc: IP Security List <ipsec@lists.tislabs.com>
In-Reply-To: <3ABBDAE8.10C4BD86@storm.ca>; from sandy@storm.ca on Fri, Mar 23, 2001 at 06:23:20PM -0500
Mail-Followup-To: Jason R Thorpe <thorpej@zembu.com>,Sandy Harris <sandy@storm.ca>,IP Security List <ipsec@lists.tislabs.com>
Organization: Zembu Labs, Inc.
References: <200103232043.f2NKhP902885@thunk.east.sun.com> <3ABBDAE8.10C4BD86@storm.ca>
Reply-To: thorpej@zembu.com
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mutt/1.2.5i

On Fri, Mar 23, 2001 at 06:23:20PM -0500, Sandy Harris wrote:

 > The suggestion is Schneier and Ferguson's, and they said transport mode.
 > 
 > Methinks you can implement either mode in terms of the other, either doing tunnels
 > over transport connections or treating transport mode as a tunnel with single
 > machines as endpoints.

Well, you *could* emulate transport mode that way, but it would mean
needless overhead (extra IP header), and tunnel mode isn't really
straightforward to implement (IP-IP tunnels + transport has a much
nicer code path on many implementations).

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>

References:

Re: Death to AH (was Re: SA identification)

From: Bill Sommerfeld <sommerfeld@East.Sun.COM>

Re: Death to AH (was Re: SA identification)

From: Sandy Harris <sandy@storm.ca>

Prev by Date: Re: Death to AH (was Re: SA identification)
Next by Date: Re: Two issues: AH death, and SA identification
Prev by thread: Re: Death to AH (was Re: SA identification)
Next by thread: Re: Death to AH (was Re: SA identification)
Index(es):
- Main
- Thread