
Re[2]: IPSEC document reading party!



     ESP tunneling without encryption cannot be substituted with IP-in-IP 
     tunneling.  It provides authentication and integrity services to the 
     encapsulated packet.  Note that this is different from AH which will 
     cover the outer IP headers and options also.
     
     
     Sumit A. Vakil
     3Com, Corp.


______________________________ Reply Separator _________________________________
Subject: Re: IPSEC document reading party!
Author:  John Ioannidis <ji@research.att.com> at Internet
Date:    12/13/97 10:44 AM


>         - in the DOI document there is a reference to using ESP with a NULL
     
He's right. If a policy calls for tunneling, the mechanisms should be 
IP-in-IP encapsulation, plain and simple. In other words, it's not that
ESP should be used with no encryption; it's that ESP should not be used at all!
     
/ji
From: John Ioannidis <ji@research.att.com>
Date: Sat, 13 Dec 1997 10:44:43 -0500 (EST)
To: gordo@telsur.cl, tytso@MIT.EDU
Cc: ipsec@tis.com
Subject: Re: IPSEC document reading party!
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
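
The coverage difference discussed in this thread, as an added example that is not part of either message: a simplified model of what each integrity check value is computed over for a tunneled packet, and therefore which modifications plain IP-in-IP, ESP without encryption, and AH would each detect. The key, addresses, SPI and the HMAC-SHA-1-96 choice are constructed assumptions, and the AH input omits the AH header's own fixed fields for brevity.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"   # constructed sample key, not from the thread

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left at 0 in this simplified model."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))

def icv(data):
    """HMAC-SHA1 truncated to 96 bits (HMAC-SHA-1-96)."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def esp_null_icv(outer, spi, seq, inner):
    """ESP integrity input: ESP header + payload + trailer. `outer` is ignored."""
    pad = bytes(range(1, (-(len(inner) + 2)) % 4 + 1))
    trailer = pad + bytes([len(pad), 4])        # next header 4 = IP-in-IP
    return icv(struct.pack("!II", spi, seq) + inner + trailer)

def ah_icv(outer, spi, seq, inner):
    """AH integrity input (simplified): outer header with mutable fields
    zeroed, then SPI/sequence number and the encapsulated packet."""
    h = bytearray(outer)
    h[1] = 0                # TOS
    h[6:8] = b"\x00\x00"    # flags + fragment offset
    h[8] = 0                # TTL
    h[10:12] = b"\x00\x00"  # header checksum
    return icv(bytes(h) + struct.pack("!II", spi, seq) + inner)

def tamper_report():
    """For each in-transit modification, report which encapsulation detects it."""
    inner = ipv4_header([10, 0, 0, 1], [10, 0, 1, 1], 17, 4) + b"data"
    outer = ipv4_header([192, 0, 2, 1], [198, 51, 100, 1], 4, len(inner))
    spi, seq = 0x1001, 1    # constructed values
    cases = {
        "outer_src_rewritten": (outer[:12] + bytes([203, 0, 113, 9]) + outer[16:], inner),
        "outer_ttl_decremented": (outer[:8] + bytes([63]) + outer[9:], inner),
        "inner_payload_changed": (outer, inner[:-1] + b"X"),
    }
    report = {}
    for name, (o, i) in cases.items():
        report[name] = {
            "ip_in_ip": False,  # no integrity check value exists to compare
            "esp_null": esp_null_icv(o, spi, seq, i) != esp_null_icv(outer, spi, seq, inner),
            "ah": ah_icv(o, spi, seq, i) != ah_icv(outer, spi, seq, inner),
        }
    return report

if __name__ == "__main__":
    for name, row in tamper_report().items():
        print(name, row)
```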