[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Simplifying IKE

To: Steve.Robinson@psti.com
Subject: Re: Simplifying IKE
From: Joe Touch <touch@ISI.EDU>
Date: Wed, 08 Aug 2001 05:56:10 -0700
CC: Sandy Harris <sandy@storm.ca>, ipsec@lists.tislabs.com, owner-ipsec@lists.tislabs.com
References: <OFF3221DFC.55F00D4A-ON80256AA2.003F5E91@psti.com>
Sender: owner-ipsec@lists.tislabs.com



Steve.Robinson@psti.com wrote:
> 
> A few comments:
> 
> 2a: eliminate ESP authentication
> 3a: require AH on all packets. No choice, no null mode. An IPsec connection
>        authenticates all packets, period.

Null mode is useful, if only for debugging and performance measurement.

Jor

References:

Re: Simplifying IKE

From: Steve.Robinson@psti.com

Prev by Date: Re: Simplifying IKE
Next by Date: Re: Simplifying IKE
Prev by thread: Re: Simplifying IKE
Next by thread: RE: Simplifying IKE
Index(es):
- Main
- Thread