
List:       ipsec
Subject:    Re: [Ipsec] clarification on USE_TRANSPORT_MODE Notify
From:       Markku Savela <msa () burp ! tkv ! asdf ! org>
Date:       2004-11-25 14:48:44
Message-ID: 200411251448.iAPEmiWJ012648 () burp ! tkv ! asdf ! org

> From: Tero Kivinen <kivinen@iki.fi>

> If I remember right from the RFC2401bis discussion it is now assumed
> that AH and ESP are negotiated using the multiple runs through the
> IPsec processing (i.e. nested SAs). In this case I would assume they
> would be negotiated using separate CHILD_SA exchanges too, so there
> would not be any reason to really put part of the SAs in tunnel mode and
> part in transport mode.

I hope you meant that if we have a packet

   IP1 AH ESP IP2 ...

then

  AH is in transport mode
  ESP is in tunnel mode

That's the only sensible definition. If AH is "tunnel mode" the packet
is faulty, because AH is not followed by an IP header!

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
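
The rule argued in the message above (AH is only in tunnel mode when an IP header follows it), written as an added example that is not part of the original post. The function names, addresses, SPIs and packets are constructed for illustration; the AH layout (Next Header, Payload Len in 32-bit words minus 2) is the standard one.

```python
import struct

# IANA protocol numbers used as Next Header values.
IPPROTO_IPIP, IPPROTO_IPV6, IPPROTO_ESP, IPPROTO_AH = 4, 41, 50, 51
INNER_IP = {IPPROTO_IPIP, IPPROTO_IPV6}

def classify_ah_mode(packet: bytes):
    """Return (mode, next_header) for an AH header directly after the outer IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != IPPROTO_AH:
        raise ValueError("outer IPv4 header is not followed by AH")
    if len(packet) < ihl + 12:
        raise ValueError("truncated AH header")
    next_header, payload_len = packet[ihl], packet[ihl + 1]
    ah_len = (payload_len + 2) * 4  # Payload Len counts 32-bit words minus 2
    if len(packet) < ihl + ah_len:
        raise ValueError("truncated AH header")
    # Tunnel mode means AH encapsulates a whole inner IP packet.
    mode = "tunnel" if next_header in INNER_IP else "transport"
    return mode, next_header

def ipv4(proto, payload, src=b"\xc0\x00\x02\x01", dst=b"\xc0\x00\x02\x02"):
    # Constructed header; checksum left at 0 because nothing here verifies it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def ah(next_header, payload):
    # 12 fixed bytes + 12-byte ICV = 24 bytes, so Payload Len = 24/4 - 2 = 4.
    return struct.pack("!BBHII", next_header, 4, 0, 0x1000, 1) + bytes(12) + payload

# Constructed samples. The ESP body is opaque filler standing in for ciphertext:
# ESP's own Next Header sits in the encrypted trailer, so whether ESP carries IP2
# (tunnel mode) is known from the SA, not from the bytes on the wire.
ESP_BODY = struct.pack("!II", 0x2000, 1) + bytes(32)
PKT_AH_ESP = ipv4(IPPROTO_AH, ah(IPPROTO_ESP, ESP_BODY))              # IP1 AH ESP ...
PKT_AH_IP = ipv4(IPPROTO_AH, ah(IPPROTO_IPIP, ipv4(17, bytes(8))))    # IP1 AH IP2 ...

if __name__ == "__main__":
    for name, pkt in (("IP1 AH ESP", PKT_AH_ESP), ("IP1 AH IP2", PKT_AH_IP)):
        print(name, classify_ah_mode(pkt))
```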