Difference between revisions of "IPv6 Enkripsi: Mode untuk Enkripsi dan Authentikasi"

From OnnoWiki
(New page: 20.1. Modes of using encryption and authentication Two modes of encryption and authentication of a connection are possible: 20.1.1. Transport mode Transport mode is a real end-to-end con...)
 
Line 2: Line 2:
  
 
Two modes of encryption and authentication of a connection are possible:
 
Two modes of encryption and authentication of a connection are possible:
20.1.1. Transport mode
+
 
 +
==20.1.1. Transport mode==
  
 
Transport mode is a real end-to-end connection mode. Here, only the payload (usually ICMP, TCP or UDP) is encrypted with their particular header, while the IP header is not encrypted (but usually included in authentication).
 
Transport mode is a real end-to-end connection mode. Here, only the payload (usually ICMP, TCP or UDP) is encrypted with their particular header, while the IP header is not encrypted (but usually included in authentication).
  
 
Using AES-128 for encryption and SHA1 for authentication, this mode decreases the MTU by 42 octets.
 
Using AES-128 for encryption and SHA1 for authentication, this mode decreases the MTU by 42 octets.
20.1.2. Tunnel mode
+
 
 +
==20.1.2. Tunnel mode==
  
 
Tunnel mode can be used either for end-to-end or for gateway-to-gateway connection modes. Here, the complete IP packet is being encrypted and gets a new IP header prepended, all together constituing a new IP packet (this mechanism is also known as "encapsulation")
 
Tunnel mode can be used either for end-to-end or for gateway-to-gateway connection modes. Here, the complete IP packet is being encrypted and gets a new IP header prepended, all together constituing a new IP packet (this mechanism is also known as "encapsulation")
  
 
This mode usually decreases the MTU by 40 octets from the MTU of transport mode. I.e. using AES-128 for encryption and SHA1 for authentication 82 octets less than the normal MTU.
 
This mode usually decreases the MTU by 40 octets from the MTU of transport mode. I.e. using AES-128 for encryption and SHA1 for authentication 82 octets less than the normal MTU.
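Review bot: the only changed lines are the two section titles, which gain `==` markup; the tunnel mode paragraph in the same hunk is carried over with the misspelling "constituing" and no full stop after the closing parenthesis. The last line, "I.e. using AES-128 for encryption and SHA1 for authentication 82 octets less than the normal MTU.", is a sentence fragment with no verb. Suggest fixing both in this revision, and stating whether the 42 and 82 octet figures assume a particular payload length, since the text gives them as fixed values while qualifying the tunnel figure with "usually".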

Revision as of 14:04, 27 June 2013

20.1. Modes of using encryption and authentication

Two modes of encryption and authentication of a connection are possible:

20.1.1. Transport mode

Transport mode is a real end-to-end connection mode. Here, only the payload (usually ICMP, TCP or UDP), together with its own header, is encrypted, while the IP header is not encrypted (but is usually included in authentication).

Using AES-128 for encryption and SHA1 for authentication, this mode decreases the MTU by 42 octets.

20.1.2. Tunnel mode

Tunnel mode can be used for either end-to-end or gateway-to-gateway connections. Here, the complete IP packet is encrypted and a new IP header is prepended; together they constitute a new IP packet (this mechanism is also known as "encapsulation").

This mode usually decreases the MTU by a further 40 octets compared with transport mode, i.e. using AES-128 for encryption and SHA1 for authentication, the MTU is 82 octets less than the normal MTU.
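Added example (not part of the original wiki text): the per-packet size arithmetic behind these MTU figures for ESP over IPv6, assuming AES-128 in CBC mode (16-octet IV and block) and HMAC-SHA1 truncated to 96 bits (12-octet ICV). The function names are illustrative; because ESP pads the plaintext to the cipher block size, the overhead varies with payload length, and the 42 and 82 octets quoted above fall inside the computed ranges.

```python
# Added example: ESP size arithmetic for IPv6 (assumed parameters, see lead-in).
IPV6_HDR = 40     # fixed IPv6 header
ESP_HDR = 8       # SPI (4) + sequence number (4)
IV_LEN = 16       # AES-CBC initialisation vector (assumption: CBC mode)
BLOCK = 16        # AES block size; plaintext + trailer is padded to this
ESP_TRAILER = 2   # pad length (1) + next header (1)
ICV_LEN = 12      # HMAC-SHA1-96 integrity check value (assumption)


def esp_len(inner_len):
    """Octets of ESP header, IV, padded ciphertext and ICV for inner_len plaintext octets."""
    pad = -(inner_len + ESP_TRAILER) % BLOCK
    return ESP_HDR + IV_LEN + inner_len + pad + ESP_TRAILER + ICV_LEN


def protected_len(payload_len, mode):
    """On-wire size of an IPv6 packet carrying payload_len octets of ICMP/TCP/UDP."""
    if mode == "transport":   # original IP header stays in clear, payload is wrapped
        return IPV6_HDR + esp_len(payload_len)
    if mode == "tunnel":      # whole original packet is wrapped, new IP header prepended
        return IPV6_HDR + esp_len(IPV6_HDR + payload_len)
    raise ValueError(f"unknown mode: {mode}")


def overhead(payload_len, mode):
    """Octets added compared with the unprotected IPv6 packet."""
    return protected_len(payload_len, mode) - (IPV6_HDR + payload_len)


def max_payload(link_mtu, mode):
    """Largest upper-layer payload whose protected packet still fits link_mtu."""
    if protected_len(0, mode) > link_mtu:
        raise ValueError("link MTU too small for this mode")
    payload = link_mtu - IPV6_HDR
    while protected_len(payload, mode) > link_mtu:
        payload -= 1
    return payload


if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        costs = [overhead(p, mode) for p in range(BLOCK)]
        print(mode, "overhead", min(costs), "to", max(costs), "octets;",
              "max payload at MTU 1500:", max_payload(1500, mode))
```
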