Quick summary -- AH: only supports authenticity and integrity validation of payload ESP: supports authenticity, integrity and confidentiality of either payload only (TRANSPORT MODE) or entire IP packet (TUNNEL MODE)
3:44 completely incorrect, Within ESP Transport Mode, the Authentication occurs for: ESP header, TCP header, Data Payload, Esp Trailer whats left out is the IP header as you rightfully said.
Quick summary --
AH: only supports authenticity and integrity validation of payload
ESP: supports authenticity, integrity and confidentiality of either payload only (TRANSPORT MODE) or entire IP packet (TUNNEL MODE)
best explanation ive found
you are a legend
Would love an explanation on Security Associations! Great explanation thanks
I will probably come around to it next week!
There you go: th-cam.com/video/oeJBiV1rtJw/w-d-xo.html
around 1:20 you kinda contradict yourself. you said ESP only covers confidentiality but then say it covers all of them so I was a bit confused..
ESP initially covered only confidentiality. Now, ESP covers all three protection goals. Sorry, if I made it confusing.
nice thx mate
3:44
completely incorrect,
Within ESP Transport Mode, the Authentication occurs for: ESP header, TCP header, Data Payload, Esp Trailer
whats left out is the IP header as you rightfully said.