Hosting Provided By

Re: linux-ipsec: Latest IPsec and connecting two IP networks.... :-(

From: Henry Spencer <henry(at)spsystems.net>
Date: Tue Sep 01 1998 - 10:18:09 EDT

> I now have an environment where every computer on one network can see

A practical note: if you're using the authentication that's built into ESP (which you are), then there is little reason to stack AH on top. The added protection that you get from doing this is minimal.

(Just why there are two different ways of doing authentication is a long story. Suffice it to say that ESP authentication is very nearly as strong as AH authentication, and indeed there is some debate about whether AH adds any useful strength at all. In fact, there has been some debate about whether AH is still worth having, and that decision might well go the other way if the standard was being redesigned from scratch.)

> Sep 1 21:27:40 sydney kernel: ahhmacmd5_init: incorrect key size: 56 --

Now that's a wee bit curious... Let me see if I can duplicate it.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)

Received on Tue Sep 1 12:00:57 1998

This message: [ Message body ]
Next message: Henry Spencer: "Re: linux-ipsec: Latest IPsec and connecting two IP networks.... :-("
In reply to David Sainty: "Re: linux-ipsec: Latest IPsec and connecting two IP networks.... :-("
Next in thread: Henry Spencer: "Re: linux-ipsec: Latest IPsec and connecting two IP networks.... :-("
Reply: Henry Spencer: "Re: linux-ipsec: Latest IPsec and connecting two IP networks.... :-("

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:26 EDT