[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: IPSEC at Dec IETF




Bill and Perry,

We will place your recommendation on the agenda.

>> I propose we accept Ran Atkinson's IPv6 Encapsulating Security Header
>> draft for IPv4 with a small change, which is to move the next header,
>> length and padding information to the trailer.  This is similar to what
>> Karn has been demonstrating for a year now, and nobody else has come out
>> with anything better!
>
>Personally, I radically prefer what we came up with at the last IETF,
>which was simply
>
>[32bits of SAID]
>[STUFF]

I have a one comment on this ... if you change the header format it is no 
longer IPv6 pure. 

What you are proposing is still another protocol that we will call IPSP, but it 
will look much like Ran's proposal. This is fine, currently all of the 
proposals that have been put out look similar. The format issues always seem to 
be discussed out of proportion with the complete processing description.

At the last meeting, we were moving towards replacing the IPv6 encapsulation 
with IPSP.  The IPv6 authentication protocol was still required because of the 
header parsing requirements.  This compromise was to be documented by Perry, 
but we seem to now be in a position of Perry proposing to use Ran's draft. 
Currently the rough draft has been picked up by a last minute editing team to 
publish. We will present this material at the meeting.

It looks the group has reached a branch point in the IPSP. We need to decide if 
IPv6 purity is more important than efficiency. 

I would be very interested in learning the opinions of other implementators.  
We have at least a dozen lurking around.  


Follow-Ups: