[c-nsp] vpn
Robert E.Seastrom
rs at seastrom.com
Sat Sep 3 08:42:53 EDT 2005
"Ted Mittelstaedt" <tedm at toybox.placo.com> writes:
> AH doesn't go through translators. ESP does. AH is therefore not as
> popular as it used to be.

While what Ted says is completely true, it doesn't answer the question
in a meaningful way.

AH and ESP accomplish different goals, though by its very nature ESP
provides a superset of the functionality provided by AH. AH is a
checksum and signing service but does not protect the content from
interception and monitoring, only tampering and spoofing. ESP is a
confidentiality service and protects the contents of the packet from
viewing (or spoofing, or modification) by third parties.

AH doesn't go through *AT boxes because the checksum is performed over
the entire packet, end-to-end, and then that packet is sent on the
wire. With ESP, the payload packet is put into another packet after
being encrypted.

For further details, go here:
http://www.netbsd.org/Documentation/network/ipsec/#ipsec_breakdown

---Rob
>
> Ted
>
>>-----Original Message-----
>>From: cisco-nsp-bounces at puck.nether.net
>>[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Mad Unix
>>Sent: Friday, September 02, 2005 1:20 PM
>>To: cisco-nsp at puck.nether.net
>>Subject: [c-nsp] vpn
>>
>>
>>I want to know what are the differences between Authentication
>>Header (AH)
>>and Encapsulation
>>Security Payload (ESP)?
>> Thanks
>>_______________________________________________
>>cisco-nsp mailing list cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
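Added example, not part of the original thread: a simplified Python model of the integrity check described above, showing that an AH check value computed over the IP header survives an ordinary router hop but not an address rewrite, while an ESP check value does not depend on the outer header. The key, addresses, SPI and payload are constructed sample values, and HMAC-SHA-256 truncated to 128 bits is an assumed choice of integrity algorithm.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"            # constructed sample key
AH, ESP = 51, 50                         # IP protocol numbers

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header; the header checksum is left at 0 in this model."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def forward(hdr, new_src=None):
    """One hop: decrement TTL; a translating hop also rewrites the source."""
    b = bytearray(hdr)
    b[8] -= 1
    if new_src:
        b[12:16] = socket.inet_aton(new_src)
    return bytes(b)

def icv(data):
    """Integrity check value: HMAC-SHA-256 truncated to 128 bits."""
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]

def ah_icv(ip_hdr, ah_fixed, payload):
    """AH: covers the IP header with its mutable fields zeroed, the AH
    header with its ICV field zeroed, and the payload."""
    b = bytearray(ip_hdr)
    b[1] = 0                  # TOS
    b[6:8] = b"\0\0"          # flags + fragment offset
    b[8] = 0                  # TTL
    b[10:12] = b"\0\0"        # header checksum
    return icv(bytes(b) + ah_fixed + b"\0" * 16 + payload)

def esp_icv(ip_hdr, esp_hdr, ciphertext):
    """ESP: covers the ESP header and encrypted payload only. ip_hdr is
    accepted just to show that the outer header plays no part."""
    return icv(esp_hdr + ciphertext)

def demo():
    payload = b"constructed inner packet"        # stands in for data / ciphertext
    spi_seq = struct.pack("!II", 0x1000, 1)      # SPI and sequence number
    ah_fixed = struct.pack("!BBH", 6, 5, 0) + spi_seq  # next hdr, length, reserved
    ah_ip = ipv4_header("10.0.0.5", "198.51.100.7", AH, 28 + len(payload))
    esp_ip = ipv4_header("10.0.0.5", "198.51.100.7", ESP, 8 + len(payload) + 16)
    sent_ah = ah_icv(ah_ip, ah_fixed, payload)
    sent_esp = esp_icv(esp_ip, spi_seq, payload)
    nat = "203.0.113.9"                          # constructed translated address
    same = hmac.compare_digest
    return {
        "ah_plain_router": same(sent_ah, ah_icv(forward(ah_ip), ah_fixed, payload)),
        "ah_through_nat": same(sent_ah, ah_icv(forward(ah_ip, nat), ah_fixed, payload)),
        "esp_through_nat": same(sent_esp, esp_icv(forward(esp_ip, nat), spi_seq, payload)),
    }
```

The model covers only the integrity check; it does not model encryption, port translation or upper-layer checksums.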