[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: IPsec vs ssh
On Fri, Nov 15, 2013 at 12:00:07AM -0800, John Nemeth wrote:
> } >
> } > A tunnel is basically encapsulation of any sort. So, when you
> } Wrong, wrong, wrong. IPsec has separate tunnel and transport modes.
> If you had been following the thread, and seen the configuration
> examples you would have seen that he was using IPSec in tunnel
> mode. Transport mode, of course, doesn't encapsulate the packet;
> it simply adds an ESP header (and encrypts the data portion) or an
> AH header. Regardless of this, the statement that, "A tunnel is
> basically encapsulation of any sort," stands on it's own, and is
> correct. NOT WRONG!!!
I'm sorry you're upset, but what you said was still incorrect, and
shouting about it strikes me as vaguely like spitting at the sky because
IPsec transport-mode encapsulation is not "a tunnel" by any reasonable
definition of "a tunnel" I can think of. Neither is the encapsulation
of TCP in IPv4 nor in IPv6. Encapsulating a Mifare RFID tag in a glass
bead for injection under the skin of a cat, similarly, is not a tunnel.
Indeed, the only sort of rationale I can think of to support the claim
that "a tunnel is basically encapsulation of any sort" is one of the
form "because a tunnel is basically encapsulation of any sort". But,
for one reason or another, I do not find that terribly persuasive.
Main Index |
Thread Index |