*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  Linux HOWTOs -> Modes of using encryption and authentication              
Title
Content
 
   
Modes of using encryption and authentication

18.1. Modes of using encryption and authentication

Two modes of encryption and authentication of a connection are possible:

18.1.1. Transport mode

Transport mode is a real end-to-end connection mode. Here, only the payload (usually ICMP, TCP or UDP) is encrypted with their particular header, while the IP header is not encrypted (but usually included in authentication).

Using AES-128 for encryption and SHA1 for authentication, this mode decreases the MTU by 42 octets.

18.1.2. Tunnel mode

Tunnel mode can be used either for end-to-end or for gateway-to-gateway connection modes. Here, the complete IP packet is being encrypted and gets a new IP header prepended .

This mode usually decreases the MTU by 40 octets from the MTU of transport mode.

Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service