[e2e] where to put endpoint authentication?
Joe Touch
touch at ISI.EDU
Mon May 10 13:32:03 PDT 2004
RJ Atkinson wrote:
>
> On May 10, 2004, at 14:09, Joe Touch wrote:
>
>> HIP (IMO) appears similar to IPsec in the protection it provides (i.e.,
>> network layer), and is very similar to IPsec tunnel mode in how endpoint
>> ID is somewhat decoupled from forwarding ID (like E2E tunnels, the
>> endpoint needs to 'route' based on these endpoint IDs, though).
>
> "similar" was a good choice of wording above. My perception is that
> the set of protections provided with HIP is not identical with those
> provided by ESP/AH. Maybe I am just confused about how HIP works.
>
> Ran
The particular encryption and key exchange algorithms aside (though they
may be the critical difference), HIP is indistinguishible in spirit from
an IPsec e2e tunnel between the two endpoints. The former's inner IP
header + AH signature are equivalent in that sense to the HIP ID.
Joe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://www.postel.org/pipermail/end2end-interest/attachments/20040510/4fa1e7d3/signature.bin
More information about the end2end-interest
mailing list