On Tue, Jan 05, 2010 at 12:27:26AM +0200, Yaron Sheffer wrote:
> We have had a few "discusses" during the IESG review of the WESP
> draft. To help resolve them, we would like to reopen the following two
> questions to WG discussion. Well reasoned answers are certainly
> appreciated. But plain "yes" or "no" would also be useful in judging
> the group's consensus.
>
> - The current draft
> (http://tools.ietf.org/html/draft-ietf-ipsecme-traffic-visibility-11)
> defines the ESP trailer's ICV calculation to include the WESP header.
> This has been done to counter certain attacks, but it means that WESP
> is no longer a simple wrapper around ESP - ESP itself is modified. Do
> you support this design decision?

No.

> - The current draft allows WESP to be applied to encrypted ESP flows,
> in addition to the originally specified ESP-null. This was intended so
> that encrypted flows can benefit from the future extensibility offered
> by WESP. But arguably, it positions WESP as an alternative to ESP. Do
> you support this design decision?

I don't fully understand why we actually need this, but I think the
above is instantly objectionable, while this may be less so. (Just
thinking in terms of what changes would be required to existing IPsec
implementations.)

Nico