[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Another NAT Traversal question

To: <Francis.Dupont@enst-bretagne.fr>
Subject: RE: Another NAT Traversal question
From: "Jayant Shukla" <jshukla@trlokom.com>
Date: Sat, 1 Mar 2003 19:46:44 -0800
Cc: <ipsec@lists.tislabs.com>
Importance: Normal
In-Reply-To: <200303011357.h21Dvvof078944@givry.rennes.enst-bretagne.fr>
Sender: owner-ipsec@lists.tislabs.com



> -----Original Message-----
> From: Francis.Dupont@enst-bretagne.fr [mailto:Francis.Dupont@enst-
> bretagne.fr]
> 
>    I don't think you need to do what you have explained.
> 
> => I need it if I consider the transport layer is independent.
> 

Transport layer is not independent of IP layer. The pseudo-header in
transport layer checksum contains IP header information. 

>    If you want, test the checksum before you authenticate/decrypt the
>    packet.
> 
> => how? the checksum is ciphered.
> 

Checksum of the UDP header! If you check the checksum of the UDP header,
and authenticate the packet, how in the world can you have errors or
wrong checksum in the encapsulated part of the packet (I mean apart from
the wrong IP address)? Please explain!

Regards,
Jayant
www.trlokom.com

Follow-Ups:
- Re: Another NAT Traversal question
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

References:
- Re: Another NAT Traversal question
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

Prev by Date: Re: suites vs. a la carte and IPcomp in IKEv2-05
Next by Date: RE: suites vs. a la carte and IPcomp in IKEv2-05
Prev by thread: Re: Another NAT Traversal question
Next by thread: Re: Another NAT Traversal question
Index(es):
- Date
- Thread