On Thu, Jan 07, 2010 at 06:10:10PM -0600, Nicolas Williams wrote:
> On Tue, Jan 05, 2010 at 12:27:26AM +0200, Yaron Sheffer wrote:
> > - The current draft
> > (http://tools.ietf.org/html/draft-ietf-ipsecme-traffic-visibility-11)
> > defines the ESP trailer's ICV calculation to include the WESP header.
> > This has been done to counter certain attacks, but it means that WESP
> > is no longer a simple wrapper around ESP - ESP itself is modified. Do
> > you support this design decision?
> 
> No.
> 
> > - The current draft allows WESP to be applied to encrypted ESP flows,
> > in addition to the originally specified ESP-null. This was intended so
> > that encrypted flows can benefit from the future extensibility offered
> > by WESP. But arguably, it positions WESP as an alternative to ESP. Do
> > you support this design decision?
> 
> I don't fully understand why we actually need this, but I think the
> above is instantly objectionable, while this may be less so.  (Just
> thinking in terms of what changes would be required to existing IPsec
> implementations.)

I believe I understand the issues now, and I believe this extension is
not needed, therefore: No.

Nico
-- 
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
