On Wed, Dec 16, 2009 at 02:59:45PM -0800, Russ Housley wrote:
<SNIP!>
> The document allows the encapsulation of encrypted IPsec traffic.
> Why? I cannot see the justification for the use if WESP at all if
> the IPsec traffic is encrypted.
<tin-foil-hat>
Because THE MAN told 'em to do it!
</tin-foil-hat>
:)
Seriously though, I agree with Russ -- it makes little to no sense to expose
privacy-protected fields. If you're worried about traffic shaping, just put
all ESP/WESP/whatever packets in the lowest priority bucket. Any other
reason that springs to mind simply defeats the purpose of privacy-protection.
Dan
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
