[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: proposed IPSEC changes/extensions



Hilarie,

        IP layer compression is definately a separable part of packet
processing, but existing implementations of IP stacks do not tend to
incoporate such a facility.  Since the addition of IP layer encryption
strongly motivates the use of compression (at least over dialup links), I
think it is not unreasonable to incorporate the compression facility as
part of an IPSEC implementation.  (If we cause the problem, we can also
incorporate the solution?)  The resulting protocol could still be an
independent module, to facilitate reuse in other contexts, so I'm not so
fond of closely tying the compression to any other IPSEC processing, as has
been suggested.

        This leaves the question of whether ESP should have an optional set
of fields for compression, or if a separate header should be used.  While a
separate header is cleaner, and I ma a supported of the "do it right the
first time" approach, I know a lot of folks are anxious to have IPSEC
deployed, so I can appreciate the motivation for making this another
optional part of ESP.

Steve




Follow-Ups: