Ken Grewal wrote:
> The either-or on using an ICV or explicitly checking the WESP header
> on the recipient was based on the assumption that the threat does
> not come from the sender and only from some other malicious entity
> after the packet has been sent.
>
> This was the reason for simplifying the header check by using the
> ICV, instead of explicitly checking every field.

Note that the current draft *does* explicitly check every field.
Are you proposing removing those checks?

Best regards,
Pasi
(not wearing any hats)
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec