On Jan 7, 2010, at 9:14 AM, Charlie Kaufman wrote: > Oh sigh!! What is it about IPsec that makes people go down this same path > every time:
<snip/> IPsec? So I guess you haven't been following the TLS mailing list these past couple of months. I don't think anyone's described a practical attack on WESP without extending the ICV protected data, but I'm afraid that if we don't extend it, someday somebody will, and then we'll really have a situation like they have, retrofitting "new ICV" into "old WESP", using "extensions" that many did not implement correctly. _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
