What parts of an IP datagram should we protect with authentication? Can we protect the entire IP header? Does it make sense to protect any of the IP header?
9.2
What parts of an IP datagram should we protect with encryption? Can we protect the entire IP header? Does it make sense to protect any of the IP header?
9.3
Could we apply AH and ESP to an IP datagram by first applying AH and then ESP? What would be the advantages and disadvantages of doing so?
9.4
Given the problems with manual keying that we have seen in previous chapters, why would IPsec require that it be supported by compliant implementations?
