[e2e] where to put endpoint authentication?
touch at ISI.EDU
Mon May 10 13:32:03 PDT 2004
RJ Atkinson wrote:
> On May 10, 2004, at 14:09, Joe Touch wrote:
>> HIP (IMO) appears similar to IPsec in the protection it provides (i.e.,
>> network layer), and is very similar to IPsec tunnel mode in how endpoint
>> ID is somewhat decoupled from forwarding ID (like E2E tunnels, the
>> endpoint needs to 'route' based on these endpoint IDs, though).
> "similar" was a good choice of wording above. My perception is that
> the set of protections provided with HIP is not identical with those
> provided by ESP/AH. Maybe I am just confused about how HIP works.
The particular encryption and key exchange algorithms aside (though they
may be the critical difference), HIP is indistinguishable in spirit from
an IPsec e2e tunnel between the two endpoints. The former's inner IP
header + AH signature are equivalent in that sense to the HIP ID.