[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re[2]: IPSEC at Dec IETF




Paul_Lambert-P15452@email.mot.com says:
> I have a one comment on this ... if you change the header format it is no 
> longer IPv6 pure. 

That is not really true. The AP header is identical to what we already
agreed on and the ESP is identical other than the contents of the
opaque portion of the packet. The opaque portion is, well, opaque, and
I'm merely suggesting that it be made even more opaque by making it
security transform dependant. Under that circumstance, Ran's drafts
and what we were proposing as IPSP become completely identical -- so
there is very little point in having two specs.

> At the last meeting, we were moving towards replacing the IPv6 encapsulation 
> with IPSP.

It would be better to say that after a couple of days we re-derived
the v6 encapsulation and decided to try to have one encapsulation and
call it IPSP, but it was basically just Ran's encapsulation.

> It looks the group has reached a branch point in the IPSP. We need
> to decide if IPv6 purity is more important than efficiency.

I am not certain that this is an issue. The only way this comes up is
in the question of how many bytes are used inside the opaque portion
of the opaque encapsulation to define "next header" or the
equivalent. If Ran is willing to let this be transform dependant the
specs suddenly become absolutely identical and ther is no longer a
reason to declare them to be two different protocols.

Perry


References: