At 9:45 AM +0530 1/6/10, Venkatesh Sriram wrote:
> Would it help if WESP is renamed to something else? Since we're
> discussing the fundamental principles of the protocol, I see no reason
> why we can't change the name, if that helps. I think it's the "Wrapped"
> in the WESP that's causing most heartburn, let's change that to
> something else .. something that appeases everyone.
I agree. How about VESP - "Visible ESP"? It's phonetically the same
as WESP. :)

> I agree that WESP should not be clipped to only support ESP-NULL;

WESP was not initially proposed as a protocol that would encapsulate
encrypted traffic, so the term "clipped" is appropriate only
relative to what WESP has mutated to become :-).

> it should be able to carry encrypted packets as well. Without this the
> middle boxes would never know whether the ESP packet that's passing is
> encrypted or not. One way could be to deprecate the use of ESP-NULL in
> ESP, which would mean that if someone sees an ESP packet then it MUST
> be an encrypted packet.

This is a local policy decision that avoids the need to have a flag in
the WESP header to indicate encrypted content. It need not be a
standards track action, as you suggest above.

> This is, as I understand, impossible, so the only option left is to let
> WESP also carry encrypted packets.

It certainly is not impossible as a local policy.

Steve
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec