Loki wrote:
> Also, AH isn't a "packet" it
> provides authentication mechanisms for IP datagrams and protection against
> replay attacks.

Then "ESP" isn't really a packet either, since it's just the encrypted payload. By the way, you can have an "AH" packet, i.e.

tunnel AH packet (good for gateway-to-gateway connections)
[IP header 1] [AH] [IP Header 2] [TCP Header] [data]

transport AH packet (host-to-host)
[IP header 1] [AH] [TCP header 2] [data]

The authentication header provides integrity for the IP header, the encapsulating security payload just secures everything in the packet that follows the header.

Just my $0.02 on this.

> RFC 2402:
> ftp://ftp.isi.edu/in-notes/rfc2402.txt
>
> Loki
> www.fatelabs.com

--
Emre Yildirim <emreat_private>
GPG KeyID 0xF9E4A1D1 (keyserver.pgp.com)
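
The two layouts in the message above can be told apart from the AH Next Header field defined in RFC 2402. The following is an added example, not part of the original message: it builds both layouts and classifies them, and the addresses, SPI values and all-zero ICV are constructed placeholders.

```python
import struct

AH_PROTO, IPIP_PROTO, TCP_PROTO = 51, 4, 6   # IANA IP protocol numbers

def ipv4_header(proto, payload_len, src, dst):
    """Minimal 20-byte IPv4 header (constructed sample; checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, bytes(src), bytes(dst))

def ah_header(next_header, spi, seq, icv=b"\x00" * 12):
    """AH fields per RFC 2402: next header, payload len, reserved, SPI, seq, ICV.
    The ICV here is a zero placeholder, not a computed authentication value."""
    payload_len = (12 + len(icv)) // 4 - 2    # AH length in 32-bit words, minus 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv

def classify_ah(packet):
    """Return (mode, spi, sequence_number) for an IPv4 packet carrying AH."""
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 12 or packet[9] != AH_PROTO:
        raise ValueError("not an IPv4 packet carrying AH")
    next_header, payload_len, _, spi, seq = struct.unpack_from("!BBHII", packet, ihl)
    if len(packet) < ihl + (payload_len + 2) * 4:
        raise ValueError("truncated AH header")
    # AH followed by another IP header is tunnel mode; followed by TCP, transport.
    mode = {IPIP_PROTO: "tunnel", TCP_PROTO: "transport"}.get(next_header, "other")
    return mode, spi, seq

def sample_packets():
    """Build the two layouts from the message with constructed values."""
    tcp = b"\x00" * 20 + b"data"              # placeholder TCP header + data
    # [IP header 1] [AH] [IP Header 2] [TCP Header] [data]
    inner = ipv4_header(TCP_PROTO, len(tcp), [10, 0, 1, 5], [10, 0, 2, 7]) + tcp
    ah_t = ah_header(IPIP_PROTO, 0x1001, 1)
    tunnel = ipv4_header(AH_PROTO, len(ah_t) + len(inner),
                         [192, 0, 2, 1], [198, 51, 100, 1]) + ah_t + inner
    # [IP header 1] [AH] [TCP header] [data]
    ah_x = ah_header(TCP_PROTO, 0x2002, 7)
    transport = ipv4_header(AH_PROTO, len(ah_x) + len(tcp),
                            [192, 0, 2, 10], [192, 0, 2, 20]) + ah_x + tcp
    return tunnel, transport

if __name__ == "__main__":
    for pkt in sample_packets():
        print(classify_ah(pkt))
```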
This archive was generated by hypermail 2b30 : Mon Nov 26 2001 - 11:42:46 PST