What email encryption is actually in use?
Trei, Peter
ptrei at rsasecurity.com
Mon Nov 4 08:27:50 PST 2002
> Tyler Durden[SMTP:camera_lumina at hotmail.com] writes:
>
>
> "Most the ones I've seen are IPSEC over IPv4. You might be able to glean
> some info from packet size, timing, and ordering, but not much. IPSEC
> takes a plaintext IP packet and treats the whole thing as a data block
> to be encrypted."
>
> So this would indicate that IPSEC creates a sort of blockage from seeing
> up to Layers 4/5/6. Now when you say it takes the IP packet, is this just
> the datagram or is it also the protocol bytes? (I'm assuming the layer-2
> information remains intact.) If the protocol bytes are unencrypted, then
> there's a LOT that can probably be determined about any IP session. If the
> protocol bytes are encrypted, then this will not be a very flexible
> session, no? (More of a secure pipe I guess.)
>
> And then, does IPSEC include specification for MPLS? I would assume that
> the MPLS header information is not encrypted, simply because the headers
> have no global significance...
>
It's a pipe. The whole plaintext IP packet, from start to finish, including
headers and checksum, gets treated as data, and encrypted.
The encrypted packet is the data for a new packet, which goes from one
firewall to another (and has only the firewall IP addresses exposed). The
packets visible on the outside only tell Eve that firewall A sent firewall
B an IPSEC packet of a certain size, with a particular Security Association.
(i.e., the protocol field says 'this is an IPSEC packet').
A single SA can be used for many, many internal connections.
Check the IPSEC RFCs for more info.
Peter Trei
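The tunnel-mode picture Peter describes, as an added example that is not part of the original thread: a gateway takes a whole inner IPv4/TCP packet, headers and all, treats it as data, and wraps it in an outer IPv4 packet whose protocol field is 50 (ESP) followed by an SPI and sequence number. The observer's parser then shows exactly what Eve gets: the two gateway addresses, "this is ESP", an SPI, a sequence number, and a length. The addresses, SPI, key and the SHA-256-keystream "cipher" are all constructed for this example; the keystream is a stand-in so the file runs on the standard library alone, real ESP uses an AEAD such as AES-GCM and appends an integrity check value.

```python
"""Tunnel-mode ESP as seen from the outside (added example, not from the thread)."""
import hashlib
import socket
import struct

ESP_PROTO = 50   # IANA protocol number for ESP: the only hint the outer header gives Eve
TCP_PROTO = 6


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over an IPv4 header (0 means 'valid')."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def tcp_header(sport: int, dport: int) -> bytes:
    """Minimal 20-byte TCP SYN header; checksum left at 0 since nothing routes it."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 65535, 0, 0)


def stand_in_encrypt(key: bytes, spi: int, seq: int, data: bytes) -> bytes:
    """PLACEHOLDER cipher: XOR with a SHA-256 keystream keyed on (key, SPI, seq).
    Symmetric, so it also decrypts. Not what ESP really uses; only here to keep the
    example stdlib-only. Do not reuse outside this demo."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!III", spi, seq, block)).digest()
        block += 1
    return bytes(p ^ k for p, k in zip(data, stream))


def esp_tunnel_encapsulate(inner: bytes, outer_src: str, outer_dst: str,
                           spi: int, seq: int, key: bytes) -> bytes:
    """Gateway side: the entire inner packet (headers, checksum, payload) is the
    plaintext; ESP header (SPI, seq) and a fresh outer IP header go in front."""
    esp_hdr = struct.pack("!II", spi, seq)
    payload = esp_hdr + stand_in_encrypt(key, spi, seq, inner)
    return ipv4_header(outer_src, outer_dst, ESP_PROTO, len(payload)) + payload


def esp_tunnel_decapsulate(wire: bytes, key: bytes) -> bytes:
    """Peer gateway: strip the outer header and ESP header, recover the inner packet."""
    ihl = (wire[0] & 0x0F) * 4
    spi, seq = struct.unpack("!II", wire[ihl:ihl + 8])
    return stand_in_encrypt(key, spi, seq, wire[ihl + 8:])


def observer_view(wire: bytes) -> dict:
    """Everything a passive observer between the gateways can read without the key."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", wire[:20])
    ihl = (ver_ihl & 0x0F) * 4
    view = {"outer_src": socket.inet_ntoa(src), "outer_dst": socket.inet_ntoa(dst),
            "protocol": proto, "total_length": total_len}
    if proto == ESP_PROTO:
        spi, seq = struct.unpack("!II", wire[ihl:ihl + 8])
        view.update({"spi": spi, "seq": seq, "opaque_bytes": total_len - ihl - 8})
    return view


def inner_view(pkt: bytes) -> dict:
    """What the same packet reveals in the clear: only the endpoints and gateways see this."""
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    view = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "protocol": proto}
    if proto == TCP_PROTO:
        view["sport"], view["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return view


DEMO_KEY = b"constructed-demo-key-not-a-real-SA-key"


def demo():
    """Constructed hosts/gateways (RFC 1918 and documentation ranges); returns (inner, wire)."""
    inner = ipv4_header("10.1.1.5", "10.2.2.9", TCP_PROTO, 20) + tcp_header(40000, 443)
    wire = esp_tunnel_encapsulate(inner, "203.0.113.1", "198.51.100.7",
                                  spi=0x1234ABCD, seq=1, key=DEMO_KEY)
    return inner, wire


if __name__ == "__main__":
    inner, wire = demo()
    print("inside the tunnel:", inner_view(inner))
    print("what Eve sees:    ", observer_view(wire))
```

Running it prints the inner 10.x addresses and TCP ports from the plaintext, while the observer's dictionary contains only the gateway addresses, protocol 50, the SPI, the sequence number and a byte count. The sequence number and length are the "packet size, timing, and ordering" side channel the earlier reply mentions; the SPI is what lets Eve tell one Security Association from another, though not one inner connection from another.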