List:       ipsec
Subject:    Re: an ambiguity of draft-shacham-ippcp-rfc2393bis-07
From:       Abraham Shacham <shacham () juniper ! net>
Date:       2001-09-28 22:11:48

"Maxim V. Patlasov" wrote:

> draft-shacham-ippcp-rfc2393bis-07 reads:
> >   Note: In the case of an encapsulated IP header (e.g., tunnel mode
> >   encapsulation in IPsec), the datagram payload is defined to start
> >   immediately after the outer IP header; accordingly, the inner IP
> >   header is considered part of the payload and is compressed.
>
> It implies that the datagram payload contains the ESP header (SPI+RPL)
> and so is subject to compression. On the other hand it should not be
> compressed because:
> >   The compression of outbound IP datagrams MUST be done before any IP
> >   security processing, such as encryption and authentication, and
>
> How should the former quote be interpreted?
>

The first paragraph of the spec (now RFC 3173,
the I-D announcement came out-of-the-blue)
is part of the definition of the IP payload to compress.
The spec earlier points to the fact that encrypted
data does not compress -- the reason
for introducing compression at layer 3 --
therefore compression must be done before encryption.

Regards,
avram


>
> Thanks in advance,
> Maxim
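
Added example, not part of the original messages or of the draft: a sketch of the outbound ordering discussed above, showing that IPComp applied before ESP shrinks the inner IP header plus data, while IPComp applied to ESP output falls under the spec's non-expansion rule and is skipped. The keystream function is a stand-in for ESP encryption, and the SPI, key, addresses and packet contents are constructed sample values.

```python
import hashlib
import struct
import zlib

IPPROTO_IPIP = 4         # next header: encapsulated IPv4 (tunnel mode)
IPPROTO_ESP = 50
IPCOMP_CPI_DEFLATE = 2   # well-known CPI for DEFLATE

def raw_deflate(data):
    c = zlib.compressobj(9, zlib.DEFLATED, -15)   # raw stream, no zlib wrapper
    return c.compress(data) + c.flush()

def ipcomp(payload, next_header):
    """Return (compressed?, bytes) for one payload, IPComp header included."""
    body = raw_deflate(payload)
    # Non-expansion policy: header + body must be smaller than the original.
    if len(body) + 4 >= len(payload):
        return False, payload
    return True, struct.pack("!BBH", next_header, 0, IPCOMP_CPI_DEFLATE) + body

def toy_encrypt(key, data):
    """Stand-in for ESP encryption (SHA-256 counter keystream), NOT a real cipher."""
    stream = b"".join(hashlib.sha256(key + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def constructed_inner_packet():
    data = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 20
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0, 0, 64, 6, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return hdr + data   # checksum left at 0: sample data only

def compress_then_esp(inner, key, spi=0x1000, seq=1):
    """Order the draft requires: IPComp first, ESP header added afterwards."""
    compressed, body = ipcomp(inner, IPPROTO_IPIP)
    esp = struct.pack("!II", spi, seq) + toy_encrypt(key, body)
    return compressed, esp

def esp_then_compress(inner, key, spi=0x1000, seq=1):
    """Wrong order: the ESP header and ciphertext become the IPComp input."""
    esp = struct.pack("!II", spi, seq) + toy_encrypt(key, inner)
    return ipcomp(esp, IPPROTO_ESP)

if __name__ == "__main__":
    inner, key = constructed_inner_packet(), b"constructed-demo-key"
    for name, fn in (("compress, then ESP", compress_then_esp),
                     ("ESP, then compress", esp_then_compress)):
        compressed, out = fn(inner, key)
        print(f"{name}: {len(inner)} -> {len(out)} bytes, IPComp applied: {compressed}")
```

In the first ordering the SPI and sequence number sit outside the compressed region because they do not exist yet when IPComp runs.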
