Re: [IPsec] Early Allocation Request for IPTFS_PROTOCOL IP protocol number.

Tue, 02 Jun 2020 13:41:56 -0700 

Tero Kivinen <kivi...@iki.fi> wrote:
    > I am bit concerned about this. First of all, as far as I understand
    > for IPsec we do not need real IP protocol number, as the number we are
    > using is never going to appear anywhere in the actual IP packet
    > header, it only appears in the ESP trailer Next Header field.

Yes, we did have this conversation.
We know that it can't be a number that IANA might re-use for a an actual
protocol number.
So it could somehow be a re-use of something that is obsolete, historic, or
just contradicted with ever being used with IPsec.  (If I had to pick a such
a number, I'd use AH's number)

    > We had some discussion about this in the mailing list earlier, but I
    > didn't think that there was really a final result from that discussion
    > (or I might be remembering wrong, as I didn't have too much time to
    > participate that discussion at that time).

My memory is that most people didn't think that protocols numbers were so
scarce that the cost exceeded the possible confusion.   Christian is asking
for one number, not ten.

    > The reason I am concerned is that I was there when we wanted to get
    > the Wrapped ESP IP protocol number, and there was quite a lot of
    > discussion going on at that time, and it was not just we send request,
    > and we get the number. Of course at that point I also supported
    > proposal which did not require new IP protocol number, so for me the
    > problems getting IP number was for my favor :-)

Does anyone use Wrapped ESP?
Can we just mark that as historic now :-)

    > Note, that if the answer is going to be that we want to use this also
    > when we are not using IPsec, then this is even bigger can of worms, as
    > that would most likely mean that this work does not belong to the
    > IPsecME working group, but should be part of completely different
    > area...

Let's assume that we might want to use this protocol with another secure
tunnel protocol which was not ESP.  But, not in the clear over the Internet.
(Think: QUIC, Wireguard, OpenVPN)

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

Attachment: signature.asc
Description: PGP signature

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to