Yes and Yes. We see a lot of value in taking advantage of the extensibility of the protocol as it stands in the WESP today. Allowing WESP to not be simply a wrapper, and enabling encryption support are both fundamental for the future extensibilities. So we express our support of the these design decisions.
Mark -----Original Message----- Date: Tue, 5 Jan 2010 00:27:26 +0200 From: Yaron Sheffer <yar...@checkpoint.com> Subject: [IPsec] Traffic visibility - consensus call To: "ipsec@ietf.org" <ipsec@ietf.org> Hi, We have had a few "discusses" during the IESG review of the WESP draft. To help resolve them, we would like to reopen the following two questions to WG discussion. Well reasoned answers are certainly appreciated. But plain "yes" or "no" would also be useful in judging the group's consensus. - The current draft (http://tools.ietf.org/html/draft-ietf-ipsecme-traffic-visibility-11) defines the ESP trailer's ICV calculation to include the WESP header. This has been done to counter certain attacks, but it means that WESP is no longer a simple wrapper around ESP - ESP itself is modified. Do you support this design decision? - The current draft allows WESP to be applied to encrypted ESP flows, in addition to the originally specified ESP-null. This was intended so that encrypted flows can benefit from the future extensibility offered by WESP. But arguably, it positions WESP as an alternative to ESP. Do you support this design decision? Thanks, Yaron _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
