[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: Re: an ambiguity of draft-shacham-ippcp-rfc2393bis-07
From: Abraham Shacham <shacham () juniper ! net>
Date: 2001-09-28 22:11:48
[Download RAW message or body]
"Maxim V. Patlasov" wrote:
> draft-shacham-ippcp-rfc2393bis-07 reads:
> > Note: In the case of an encapsulated IP header (e.g., tunnel mode
> > encapsulation in IPsec), the datagram payload is defined to start
> > immediately after the outer IP header; accordingly, the inner IP
> > header is considered part of the payload and is compressed.
>
> It implies that that datagram payload contains ESP header (SPI+RPL)
> and so is subject of compression. In the other hand it should not be
> compressed because:
> > The compression of outbound IP datagrams MUST be done before any IP
> > security processing, such as encryption and authentication, and
>
> How should the former quote be interpreted ?
>
The first paragraph of the spec (now rfc3173,
the I-D announcement came out-of-the-blue)
is part of the definition of the IP payload to compress.
The spec earlier points to the fact that encrypted
data does not compress -- the reason
for introducing compression at layer 3 --
therefore compression must be done before encryption.
Regards,
avram
>
> Thanks in advance,
> Maxim
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic