At 8:56 PM +0200 1/6/10, Yaron Sheffer wrote:
> Hi Steve,
>
> Please reread my text. I was (in that paragraph) taking Manav's
> side, i.e. assuming there's value in deterministic distinction
> between encrypted and unencrypted ESP, and hence, gradually moving
> the endpoints to WESP so that middleboxes have an easier time.
> As we know, this opinion is not shared by everyone.
>
> Thanks,
> Yaron

Yaron,
Sorry. I missed that element of the context that you were assuming.
Nonetheless, the analysis I just sent in response to Brian's message
suggests that determinism is not possible if we consider the general
case of WESP-capable and legacy devices and a mix of encrypted and
integrity-only flows. That motivated my response. That analysis is
not an opinion :-). But, in fairness, I had not yet generated the
analysis when I sent my message, so ...
Steve
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec