Jack, I'm not sure it's clear yet whether WESP will be widely adopted. There's disagreement between end-node and middle-node folks as to whether WESP or heuristics are the best approach for inspection of ESP-NULL traffic. I think that end-node vendors will be very reluctant to adopt WESP widely until there is broad customer demand for it, and I'm not sure that this demand will ever materialize.
This is all my personal opinion, of course. But it seems to me that heuristics will have to be adopted by competitive middle-node vendors, and therefore (barring any extensions to WESP that make it attractive for other reasons) the use of heuristics will probably always be more widespread and will dampen the demand for WESP. Additionally, ESP-NULL itself has rather narrow applicability in an environment where end-to-end encryption is increasingly common, which further limits the cases where there will be an absolute need for WESP. Furthermore, there will always be valid reasons to use AH (reduced overhead compared to WESP). For reasons like these, I believe it's premature to call for deprecation of AH and even more premature to start preferring WESP to ESP.

What status will the WESP RFC have? Experimental, informational, standards track, etc.?

Scott Moonen (smoo...@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://www.linkedin.com/in/smoonen

From: Jack Kohn <kohn.j...@gmail.com>
To: ipsec@ietf.org
Date: 11/11/2009 11:06 AM
Subject: [IPsec] WESP - Roadmap Ahead

Hi,

From an operational perspective, if we are supporting both v4 and v6 (and we will), then having different protocols ESP and AH is and will be a nightmare. The common denominator is ESP-Null. However, there were issues with ESP-Null as it couldn't be deep inspected, which has now been solved with WESP.

In short, the argument that "Oh, but we can inspect AH packets" is not relevant anymore. Given this, should we still have AH as a MAY for IPSEC? Can't we deprecate it?

WESP is ESP++, and it offers everything that ESP offers plus more. What is our stance for ESP moving forward?

Also, I see that a lot of work done in other WGs is still using ESP (primarily for data integrity). Shouldn't they be moving to WESP, as WESP offers more flexibility?

Jack

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
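As an added illustration of the inspection difference the two posters argue over (example code written for this page, not from either poster or any IPsec implementation): a middlebox that reads the explicit WESP fields laid out in RFC 5840 against one that must guess at plain ESP-NULL by trying ICV lengths and checking for the default 1,2,3,... padding. The packet bytes, the inner IPv4 header and the list of ICV-length candidates are constructed assumptions.

```python
import struct

# Assumption: common ICV sizes a heuristic inspector would try, in order.
ICV_CANDIDATES = (12, 16, 24, 32)
PLAUSIBLE_NH = {4: "IPv4", 41: "IPv6", 6: "TCP", 17: "UDP"}


def parse_wesp(pkt: bytes):
    """Locate the ESP-NULL payload from the WESP header (RFC 5840 layout).
    Header: Next Header | HdrLen | TrailerLen | flags (VV E P rsvd)."""
    if len(pkt) < 4:
        return None
    nh, hdr_len, trailer_len, flags = struct.unpack("!BBBB", pkt[:4])
    if flags >> 6 != 0:          # only version 0 is defined
        return None
    if flags & 0x20:             # E bit: payload is encrypted, nothing to inspect
        return None
    min_hdr = 16 if flags & 0x10 else 12   # P bit adds 4 bytes of padding
    if hdr_len < min_hdr or hdr_len + trailer_len > len(pkt):
        return None
    return pkt[hdr_len:len(pkt) - trailer_len], nh


def guess_esp_null(pkt: bytes):
    """Heuristic for plain ESP: try each ICV length, accept when the trailer
    carries 1,2,3,... padding and a plausible Next Header. Can misfire."""
    for icv in ICV_CANDIDATES:
        if len(pkt) < 8 + 2 + icv:          # SPI + Seq + (Pad Len, NH) + ICV
            continue
        body = pkt[8:len(pkt) - icv]
        pad_len, nh = body[-2], body[-1]
        if nh not in PLAUSIBLE_NH or pad_len > len(body) - 2:
            continue
        padding = body[len(body) - 2 - pad_len:len(body) - 2]
        if padding != bytes(range(1, pad_len + 1)):
            continue
        return body[:len(body) - 2 - pad_len], nh, icv
    return None


def build_sample():
    """Constructed WESP and bare-ESP packets carrying a minimal IPv4 header."""
    inner = bytes([0x45]) + bytes(19)     # version 4, IHL 5, rest zero
    pad = bytes([1, 2])
    esp = struct.pack("!II", 0x1000, 1) + inner + pad + bytes([len(pad), 4]) + bytes(12)
    wesp = struct.pack("!BBBB", 4, 12, len(pad) + 2 + 12, 0x00) + esp
    return wesp, esp
```

The WESP path needs no trial-and-error because HdrLen and TrailerLen state where the inner packet sits; the ESP path only succeeds because the sender used default padding and a 12-byte ICV happened to be first in the candidate list.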