On Fri, Jan 8, 2010 at 5:51 AM, Dan Harkins <dhark...@lounge.org> wrote:
>
> Hi Jack,
>
> On Thu, January 7, 2010 4:06 pm, Jack Kohn wrote:
>> Folks,
>>
>> Some questions.
>>
>> o In a steady state, where we are using WESP only for ESP-NULL, what
>> should a middle box do when it sees ESP traffic, besides
>> hyperventilating and throwing up? Should it run heuristics (dang! no)
>> or should it simply assume that the packet is encrypted and do
>> whatever the local policy dictates it to do for all encrypted packets?
>> I would guess that it'll be the latter as most middle boxes will NOT
>> run heuristics. Then going forward, should we recommend obsoleting the
>> use of NULL cipher with ESP, as that's the easiest way to get folks off
>> using ESP-NULL.
>
> No.

Interesting. Then how do you propose to get people started off with
using WESP or the AH-lite?

>
>> o Are we going to approach the other WGs to start using WESP
>> wherever they propose to use ESP-NULL? Is that the plan?
>
> I sure hope not!

Curious. Why not?

>
> Dan.
>

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec