Hi Tero,

We have one working group draft dealing with new ESP-null implementations. We have another draft dealing with unchanged ESP-null implementations. I suggest we don't confuse everybody by adding a third category: just-a-little-tiny-bit changed implementations. In other words, I think the second change is *not* a good idea.

Thanks,
Yaron

> -----Original Message-----
> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Tero Kivinen
> Sent: Tuesday, July 07, 2009 22:37
> To: Paul Hoffman
> Cc: ipsec@ietf.org
> Subject: Re: [IPsec] I-D Action:draft-ietf-ipsecme-esp-null-heuristics-00.txt
>
> Paul Hoffman writes:
> > > Title : Heuristics for Detecting ESP-NULL packets
> > Soooo, that was two months ago, and there has been no discussion.
> > Has anyone other than the document authors (and the WESP authors)
> > read the document? Does the WG find this to be useful?
> >
> > Tero and Dan: have you found anything that you want to change?
>
> We did receive few comments that might be added to the draft, those
> were about the GCM IV (i.e. they might not be random, but might be
> counter, which means they might have lots of zeroes in the beginning,
> and that might affect the heuristics a bit), and another were about
> adding some section about how end-nodes can make small changes to make
> the heuristics more efficient (i.e. use more than minimal number of
> padding, for first few packets for new SA, and make sure GCM IVs look
> random enough, so they cannot be confused for TCP or UDP headers).
>
> I have not made those changes, as I am not sure if we want to even add
> both of them. I was mostly waiting for more comments and then think
> again about whether to add those or not.
>
> Ps. I am currently on vacation until IETF, so I am reading my emails
> very randomly...
> --
> kivi...@iki.fi
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec