IPsec Evaluation (fwd)

Vasek Petricek petricek at KOLEJ.MFF.CUNI.CZ
Mon Jan 31 17:32:36 EST 2000


On Wed, 26 Jan 2000, Robert Moskowitz wrote:

> At 01:32 PM 1/25/2000 -0600, Tina Bird wrote:
>
> >The review is divided into two main sections.  The
> >first one evaluates IPsec's handling of bulk data
> >transmission.  It recommends dropping AH and ESP
> >transport mode from the protocol, claiming that the
> >security these options provide is far outweighed
> >by the complexity they add into VPN systems.
>
> If the world is nothing but VPNs, I would agree with this.
>
> However, VPNs are just a stepping stone to end to end protection.  For
> this, it is ESP transport mode that should be used.  Further, tunnel mode
> provides more known text for attacks.

The suggested compression by specifying the fields that are the same in
inner and outer header can help reduce the amount of known text so that
it will have nearly the same overhead as ESP transport.

Vasek Petricek
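
An added illustration, not part of the original message and not the encoding proposed in the review: a minimal Python sketch of the idea, in which inner IPv4 header fields that repeat the outer header are elided so they no longer appear as predictable plaintext inside the tunnel. The field layout is standard IPv4 without options; the 2-byte bitmap format, the function names and the sample headers are assumptions constructed here.

```python
# IPv4 header without options: (field, width in bits) in wire order.
FIELDS = [("version", 4), ("ihl", 4), ("tos", 8), ("total_length", 16),
          ("identification", 16), ("flags_fragment", 16), ("ttl", 8),
          ("protocol", 8), ("checksum", 16), ("src", 32), ("dst", 32)]

def parse(header):
    if len(header) != 20:
        raise ValueError("expected a 20-byte IPv4 header without options")
    value, shift, out = int.from_bytes(header, "big"), 160, {}
    for name, width in FIELDS:
        shift -= width
        out[name] = (value >> shift) & ((1 << width) - 1)
    return out

def build(fields):
    value = 0
    for name, width in FIELDS:
        value = (value << width) | fields[name]
    return value.to_bytes(20, "big")

def compress(outer, inner):
    """Hypothetical format: 2-byte bitmap of elided fields, then the rest."""
    o, i = parse(outer), parse(inner)
    bitmap = value = bits = 0
    for idx, (name, width) in enumerate(FIELDS):
        if o[name] == i[name]:
            bitmap |= 1 << idx          # receiver copies this field from outer
        else:
            value, bits = (value << width) | i[name], bits + width
    pad = -bits % 8                     # pad the kept fields to a whole byte
    body = (value << pad).to_bytes((bits + pad) // 8, "big")
    return bitmap.to_bytes(2, "big") + body

def decompress(outer, blob):
    fields, bitmap = parse(outer), int.from_bytes(blob[:2], "big")
    kept = [(n, w) for idx, (n, w) in enumerate(FIELDS) if not bitmap >> idx & 1]
    value, shift = int.from_bytes(blob[2:], "big"), (len(blob) - 2) * 8
    for name, width in kept:            # overwrite only the fields that differed
        shift -= width
        fields[name] = (value >> shift) & ((1 << width) - 1)
    return build(fields)

# Constructed host-to-host sample (checksums are placeholders, not computed).
COMMON = dict(version=4, ihl=5, tos=0, flags_fragment=0x4000, ttl=64,
              src=0xC0000201, dst=0xC0000202)   # 192.0.2.1 -> 192.0.2.2
OUTER = build(dict(COMMON, total_length=96, identification=0x1234,
                   protocol=50, checksum=0xAAAA))   # protocol 50 = ESP
INNER = build(dict(COMMON, total_length=60, identification=0x9ABC,
                   protocol=6, checksum=0xBBBB))    # protocol 6 = TCP
```

With these sample headers, `compress(OUTER, INNER)` is 9 bytes instead of 20; when the inner addresses differ from the tunnel endpoints (a gateway-to-gateway tunnel), fewer fields can be elided and the result grows to 17 bytes.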
