Scott,

> From: ipsec-boun...@ietf.org On Behalf Of Scott C Moonen
> Sent: Thursday, November 12, 2009 2.37 AM
> To: Jack Kohn
> Cc: ipsec@ietf.org; ipsec-boun...@ietf.org
> Subject: Re: [IPsec] WESP - Roadmap Ahead
>
> Jack, I'm not sure it's clear yet whether WESP will be widely adopted.
> There's disagreement between end-node and middle-node folks as to whether
> WESP or heuristics are the best approach for inspection of ESP-NULL traffic.
> I think that end-node vendors will be very reluctant to adopt

I can't comment on the interest of the end-node vendors, but I can certainly say that this will be of interest to the router vendors. There are currently a lot of applications (routing/signaling for instance) where we use ESP-NULL for integrity protection (confidentiality is not an issue there) and it will be really good if there are ways to deep inspect these packets for proper QoS treatment.

> WESP widely until there is broad customer demand for it, and I'm not
> sure that this demand will ever materialize.
>
> This is all my personal opinion, of course. But it seems to me that
> heuristics will have to be adopted by competitive middle-node vendors, and
> therefore (barring any extensions to WESP that make it attractive
> for other reasons) the use of heuristics will probably always be more
> widespread and will dampen the demand for WESP. Additionally,

There you go: http://tools.ietf.org/html/draft-montenegro-ipsecme-wesp-extensions-00

> ESP-NULL itself has rather narrow applicability in an environment where
> end-to-end encryption is increasingly common, which further limits

Most routing, signaling protocols use ESP-NULL (it's a MUST, while support for AH is a MAY) and I can see benefits of moving to WESP from the QoS perspective. I am not saying that we cannot do QoS with ESP, but it just becomes a tad more flexible/easier with WESP.

> the cases where there will be an absolute need for WESP. Furthermore,
> there will always be valid reasons to use AH (reduced overhead compared to
> WESP).
>
> For reasons like these, I believe it's premature to call for deprecation
> of AH and even more premature to start preferring WESP to ESP.

I agree.

> What status will the WESP RFC have? Experimental, informational, standards
> track, etc.?

Standards Track

Cheers, Manav

> Scott Moonen (smoo...@us.ibm.com)
> z/OS Communications Server TCP/IP Development
> http://www.linkedin.com/in/smoonen

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec