Cryptography Reference
In-Depth Information
[Diagram 8.15 Standard IPv6 Packet: Original IP Header (possibly options) | Extension Headers (if present) | TCP | DATA]
[Diagram 8.16 IPv6 AH Packet in Transport Mode: Original IP Header | Site-by-Site, Destination, Routing Info. | AH | Destination Options | TCP | DATA]
[Diagram 8.17 IPv6 AH Packet in Tunnel Mode: New IP Header | Extension Headers | AH | Original IP Header | Extension Headers | TCP | DATA]
[Diagram 8.18 IPv6 ESP Packet in Transport Mode: Original IP Header (possibly options) | Site-by-Site, Destination, Routing Info. | ESP Header | Destination Options | TCP | DATA | ESP Trailer | ESP Authentication]
[Diagram 8.19 IPv6 ESP Packet in Tunnel Mode: New IP Header | New Extension Headers | ESP Header | Original IP Header | Original Extension Headers | TCP | DATA | ESP Trailer | ESP Authentication]
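The header orderings in Diagrams 8.16 to 8.19 can be checked on a captured packet by walking the IPv6 Next Header chain. The following is an added example, not code from the book: the function and sample names are hypothetical, the packets are constructed with zeroed fields, and the protocol numbers and length encodings are the standard IANA and IPv6/AH values.

```python
import struct

# IANA protocol numbers used in the IPv6 Next Header field.
HOP, TCP, IPV6, ROUTING, FRAG, ESP, AH, DSTOPTS = 0, 6, 41, 43, 44, 50, 51, 60

def classify(packet: bytes) -> str:
    """Walk the Next Header chain of an IPv6 packet and report where IPsec sits."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, seen_ah = packet[6], 40, False
    while True:
        if nxt == ESP:
            # The inner Next Header lives in the encrypted ESP trailer.
            return "ESP, mode not visible on the wire"
        if nxt == IPV6:
            return "AH tunnel mode" if seen_ah else "IPv6-in-IPv6, no IPsec"
        if nxt not in (HOP, ROUTING, FRAG, DSTOPTS, AH):
            return "AH transport mode" if seen_ah else "no IPsec"
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, length = packet[off], packet[off + 1]
        if nxt == AH:
            size, seen_ah = (length + 2) * 4, True   # field is 32-bit words minus 2
        elif nxt == FRAG:
            size = 8                                  # fragment header is fixed size
        else:
            size = (length + 1) * 8                   # field is 8-octet units minus 1
        nxt, off = following, off + size

# Constructed sample packets (zeroed addresses, SPI, ICV and payload).
def ip6(nxt): return struct.pack("!IHBB", 6 << 28, 0, nxt, 64) + bytes(32)
def ext(nxt): return bytes([nxt, 0]) + bytes(6)        # 8-byte options header
def ah(nxt): return bytes([nxt, 4]) + bytes(22)        # 24 bytes with a 12-byte ICV
TCP_SEG = bytes(20)

SAMPLES = {
    "plain": ip6(TCP) + TCP_SEG,
    "ah_transport": ip6(HOP) + ext(AH) + ah(DSTOPTS) + ext(TCP) + TCP_SEG,
    "ah_tunnel": ip6(AH) + ah(IPV6) + ip6(TCP) + TCP_SEG,
    "esp": ip6(ESP) + bytes(32),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13s} {classify(pkt)}")
```

With AH the inner headers stay readable, so transport and tunnel mode can be told apart from the packet alone; with ESP the receiver needs the SA to decrypt the trailer before the mode is known.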
An SA in AH mode MUST have associated AH information containing the
authentication algorithm; keys; key lifetimes; and any related data necessary for
the interoperability of the IPSec implementation. Similarly, in ESP mode an
SA MUST have the encryption and authentication algorithm; keys; initialization
values; key lifetimes; and any other data essential to the implementation.
There are also means of using layered security protocols via IP tunneling,
called iterated tunneling. In these cases, the options involve tunnels, each of
which can begin and end at any given IPSec site along the route. Both parts of
the illustrated configurations of Diagram 8.20 involve the host-to-host tunneling
described in the discussion of tunnel mode on page 302.