Hi Tero,

We have one working group draft dealing with new ESP-null implementations. We have another draft dealing with unchanged ESP-null implementations. I suggest we don't confuse everybody by adding a third category: just-a-little-tiny-bit changed implementations. In other words, I think the second change is *not* a good idea.

Thanks,
Yaron
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> Tero Kivinen
> Sent: Tuesday, July 07, 2009 22:37
> To: Paul Hoffman
> Cc: [email protected]
> Subject: Re: [IPsec] I-D Action:draft-ietf-ipsecme-esp-null-heuristics-00.txt
>
> Paul Hoffman writes:
> > > Title : Heuristics for Detecting ESP-NULL packets
> > Soooo, that was two months ago, and there has been no discussion.
> > Has anyone other than the document authors (and the WESP authors)
> > read the document? Does the WG find this to be useful?
> >
> > Tero and Dan: have you found anything that you want to change?
>
> We did receive a few comments that might be added to the draft, those
> were about the GCM IV (i.e. they might not be random, but might be
> counter, which means they might have lots of zeroes in the beginning,
> and that might affect the heuristics a bit), and another was about
> adding some section about how end-nodes can make small changes to make
> the heuristics more efficient (i.e. use more than minimal number of
> padding, for first few packets for new SA, and make sure GCM IVs look
> random enough, so they cannot be confused for TCP or UDP headers).
>
> I have not made those changes, as I am not sure if we want to even add
> both of them. I was mostly waiting for more comments and then think
> again about whether to add those or not.
>
> Ps. I am currently on vacation until IETF, so I am reading my emails
> very randomly...
> --
> [email protected]
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
>
