Re: [IPsec] WESP - Roadmap Ahead

2009-11-16 Thread Tero Kivinen
Bhatia, Manav (Manav) writes: > And the reason why you might want to use WESP is to prioritize > certain protocol packets over the others, as is normally done for v4 > control packets (e.g. OSPFv3 HELLOs and ACKs over other OSPFv3 > packets) You cannot do that, as if the packets get reordered mor

Re: [IPsec] Clarification on identities involved in IKEv2EAPauthentication

2009-11-16 Thread Frederic Detienne
On 13 Nov 2009, at 10:10, Murthy N Srinivas-B22237 wrote: > Amjad, > > AAA Server (Radius server) is configured with > 1.domain/realm part of the EAP Identity as the "user name". > 2.Along with this we can configure a radius attribue with a unique > identifier.This identifier is sent by AAA serv

Re: [IPsec] WESP - Roadmap Ahead

2009-11-16 Thread Bhatia, Manav (Manav)
This is an implementation specific optimization that has already been solved in multiple implementations. Cheers, Manav > -Original Message- > From: Tero Kivinen [mailto:kivi...@iki.fi] > Sent: Monday, November 16, 2009 6.39 PM > To: Bhatia, Manav (Manav) > Cc: ipsec@ietf.org > Subject:

Re: [IPsec] WESP - Roadmap Ahead

2009-11-16 Thread Stephen Kent
At 7:50 PM +0530 11/16/09, Bhatia, Manav (Manav) wrote: This is an implementation specific optimization that has already been solved in multiple implementations. Cheers, Manav Is the phrase "implementation specific" a euphemism for non-standard? Steve

Re: [IPsec] WESP - Roadmap Ahead

2009-11-16 Thread Stephen Kent
... Divine guidance is, I suppose, one way to do protocol design, but it could lead to *real* religious wars an appropriate caution given my typo :-). > Also, note that IPSO and CIPSO are examples of options that were discussed at the IPSECME meeting this week, where there is a need

Re: [IPsec] WESP - Roadmap Ahead

2009-11-16 Thread Dan McDonald
On Mon, Nov 16, 2009 at 11:39:30AM -0500, Stephen Kent wrote: > >Or put the labels in the SA, since especially for IPSO you probably > >want cryptographic separation of different security levels. > > There are various options here. I know of devices that have opted to > use ESP in tunnel mode t

Re: [IPsec] WESP - Roadmap Ahead

2009-11-16 Thread Jack Kohn
There multiple "implementation specific" optimizations available. One such optimization that is currently in use in multiple platforms is: Do the seq number check, and then place the packets in different priority queues/paths based on the kind of packet it is. Proprietary ASICs on the routers can

Re: [IPsec] WESP - Roadmap Ahead

2009-11-16 Thread Venkatesh Sriram
Tero, On Mon, Nov 16, 2009 at 6:39 PM, Tero Kivinen wrote: > Bhatia, Manav (Manav) writes: >> And the reason why you might want to use WESP is to prioritize >> certain protocol packets over the others, as is normally done for v4 >> control packets (e.g. OSPFv3 HELLOs and ACKs over other OSPFv3 >>