|Newer page:||version 2||Last edited on Thursday, April 24, 2003 10:09:44 am||by PerryLorier|
|Older page:||version 1||Last edited on Thursday, April 24, 2003 4:08:05 am||by JeeKay||Revert|
@@ -3,5 +3,5 @@
ESP is the protocol used by [IPSec] when it wants to encrypt the packets traversing the tunnel. It does not provide authentication as such, so any program using ESP should either also use [AH] or allow for authentication via some other method. Without authentication, a ManInTheMiddle attack becomes trivial and the usefulness of having the data encrypted is nullified.
More analysis is available at http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/ipsec.html#ESP.ipsec.
-ESP is defined in
RFC 2406 | http
: //www.ietf.org/rfc/rfc2406.txt ].
+ESP is defined in RFC: