Scott C Moonen writes:
> Jack, I'm not sure it's clear yet whether WESP will be widely adopted.
> There's disagreement between end-node and middle-node folks as to whether
> WESP or heuristics are the best approach for inspection of ESP-NULL
> traffic. I think that end-node vendors will be very reluctant to adopt
> WESP widely until there is broad customer demand for it, and I'm not sure
> that this demand will ever materialize.
I agree on that...
> This is all my personal opinion, of course. But it seems to me that
> heuristics will have to be adopted by competitive middle-node vendors, and
> therefore (barring any extensions to WESP that make it attractive for
> other reasons) the use of heuristics will probably always be more
> widespread and will dampen the demand for WESP. Additionally, ESP-NULL
> itself has rather narrow applicability in an environment where end-to-end
> encryption is increasingly common, which further limits the cases where
> there will be an absolute need for WESP. Furthermore, there will always
> be valid reasons to use AH (reduced overhead compared to WESP).
And wider protection, i.e. IP addresses and options...
> For reasons like these, I believe it's premature to call for deprecation
> of AH and even more premature to start preferring WESP to ESP.
Agree on that too.
> What status will the WESP RFC have? Experimental, informational,
> standards track, etc.?
It is aimed for proposed standard, although I would be happier if it would be
aimed for experimental.

--
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec