-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 5 Jul 2002, Brett Mason wrote:
> Sam,
>
> I was surprised by your answer to this question as I thought that the packet
> would
> have to be treated by ESP first and then AH. The reason for this as AH protects
> the
> packet and any alteration such as encrypting it would break AH.
If we're talking about the order in which ESP and AH are applied to an
individual packet, were both to be applied: yes, the packet is first treated
with ESP, then AH.
When FreeS/WAN uses both ESP and AH, we only authenticate once, using AH;
ESP is used for encryption only. (As opposed to authentication with both ESP
and AH.)
Sam Sgro
sam_at_freeswan.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.
iQCVAwUBPSTnQEOSC4btEQUtAQGyFwP/Ro6w5vDlG2Da8CHHsvkFMtLhnx3buXcC
wrZddGPW5cvU4k6g1qI/AVzDWSngAuzMZQ4jBDEcRDOTZpsUqWB4cJYSPHzISuzs
YjoZmYjafZH9F6jAmHo36YGAPCWkeJHH8JvP7tApdX8SNRFhuYS+tyTPOX9Vze+8
kKLfnj7qauI=
=rICs
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:18 CEST