[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: tunnle mode SAs...
On Wed, 25 Apr 2001 12:26:05 EDT you wrote
>
> On inbound
> 1. - dencrypt each fragment
> - defragment a packet
> or
> 2. - defragment a packet
> - dencrypt a packet
>
> The second case (2), I think, is used more often.
> You should handle both cases if you want to cover all situations.
I don't think 1 is possible. We authenticate encrypted packets and you
must reconstruct the entire packet before you can authenticate it.
Dan.
References: