Security Architecture for the Internet Protocol (1995) (ietf.org)
3 points by fulafel on Sept 7, 2023 | 1 comment



There's some interesting historical context in how IP was envisioned to have host-to-host (aka end-to-end) security, vs only the gateway model that won out. It's somewhat different from the "overlay network" we know today in that hosts would just use their normal IP addresses but negotiate to use IPSec to communicate between them.

3.2.2 Usage of ESP

   ESP works between hosts, between a host and a security gateway, or
   between security gateways.  [...]
   When both hosts directly implement ESP and there is no intervening
   security gateway, then they may use the Transport-mode (where only
   the upper layer protocol data (e.g., TCP or UDP) is encrypted and
   there is no encrypted IP header).  This mode reduces both the
   bandwidth consumed and the protocol processing costs for users that
   don't need to keep the entire IP datagram confidential.
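An added byte-level model of the two ESP modes the excerpt contrasts (example code written for this thread, not from the RFC or the commenter): it shows what an on-path observer can read from the outer header in each mode and where the one-IP-header saving of transport mode comes from. The ESP layout is the 1995 one (32-bit SPI followed by opaque data); the cipher is a placeholder XOR, and the addresses, SPIs and payload are constructed sample values.

```python
import struct

ESP_PROTO = 50  # IP protocol number carried in the outer header for ESP

def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (IHL=5, TTL=64, checksum left as zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                       0, 0, 64, proto, 0, src, dst)

def fake_encrypt(data: bytes) -> bytes:
    """Stand-in for the ESP transform: XOR with a constant. NOT a cipher;
    it only marks which bytes an observer can no longer read."""
    return bytes(b ^ 0x5A for b in data)

def esp_wrap(inner: bytes, spi: int) -> bytes:
    """1995-style ESP: 32-bit SPI followed by opaque (encrypted) data.
    Padding, the trailer (which carries the original protocol number)
    and authentication data are omitted from this model."""
    return struct.pack("!I", spi) + fake_encrypt(inner)

def transport_mode(src, dst, upper_proto, upper_payload, spi):
    """Host-to-host: the original IP header stays in the clear (protocol
    field becomes 50) and only the upper-layer data is wrapped in ESP."""
    esp = esp_wrap(upper_payload, spi)
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp

def tunnel_mode(src, dst, gw_src, gw_dst, upper_proto, upper_payload, spi):
    """Gateway-to-gateway: the entire original datagram, header included,
    is encrypted and a new outer header names only the gateways."""
    original = ipv4_header(src, dst, upper_proto, len(upper_payload)) + upper_payload
    esp = esp_wrap(original, spi)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp

def observer_view(pkt: bytes) -> dict:
    """What an on-path observer can read from the unencrypted outer header."""
    return {"src": pkt[12:16], "dst": pkt[16:20], "proto": pkt[9], "len": len(pkt)}

# Constructed sample values (not from the page)
HOST_A, HOST_B = bytes([10, 0, 1, 10]), bytes([10, 0, 2, 20])
GW_A, GW_B = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])
PAYLOAD = b"\x01" * 100   # stands in for a 100-byte TCP segment
TCP = 6

if __name__ == "__main__":
    t = transport_mode(HOST_A, HOST_B, TCP, PAYLOAD, spi=0x1001)
    u = tunnel_mode(HOST_A, HOST_B, GW_A, GW_B, TCP, PAYLOAD, spi=0x1002)
    print("transport:", observer_view(t))   # real endpoints visible, proto 50
    print("tunnel:   ", observer_view(u))   # only the gateways visible
    print("extra bytes in tunnel mode:", len(u) - len(t))   # 20, one IP header
```

Note the trade-off the model makes visible: transport mode saves the inner header but leaves the real endpoint addresses readable on the path, whereas tunnel mode hides them behind the gateways' addresses.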



