I support advancing this document, and I think the explanations and pseudo code are good.
I do, however, question the value of it in real life. Security policies of the deep inspection kind usually are something like:

- allow HTTP and HTTPS, and verify headers
- allow ICMP and DNS
- maybe some more allowed protocols
- drop everything else

I'm sure anything enforcing a policy like this will anyway drop ESP-non-null, because it doesn't look like one of those allowed protocols. However, YMMV, so I support publishing this draft.

On Sep 17, 2009, at 11:28 PM, Yaron Sheffer wrote:

> This is to begin a 2 week working group last call for draft-ietf-ipsecme-esp-null-heuristics-01. The target status for this document is Informational.
>
> Please send your comments to the ipsec list by Oct. 1, 2009, as follow-ups to this message.
>
> Note that this document has had very little review until now. We will only progress it as a WG document if we have at least 3 non-editor, non-WG chair reviewers who have read it and approve of it. And yes, this means the pseudocode, too. There has been strong support of ESP-null detection, so this document is likely to be widely implemented. Your review will mean a lot to the technical quality of this document.
>
> Please clearly indicate the position of any issue in the Internet Draft, and if possible provide alternative text. Please also indicate the nature or severity of the error or correction, e.g. major technical, minor technical, nit, so that we can quickly judge the extent of problems with the document.
>
> The document can be accessed here:
> http://tools.ietf.org/html/draft-ietf-ipsecme-esp-null-heuristics-01
>
> Thanks,
> Yaron

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec