Re: I-D ACTION:draft-ipsec-ecn-00.txt




> 	Title		: IPsec Interactions with ECN
> 	Author(s)	: S. Floyd, D. Black, K. Ramakrishnan
> 	Filename	: draft-ipsec-ecn-00.txt

I've one concern about this draft: it adds yet another unneeded
binding between "tunnel" and SA, which is the wrong direction to go.

In my implementation the tunnel wrapping is totally independent of the
SA (SA really knows nothing about it), and I would prefer it to stay
that way.

I specify whether or not to use a tunnel in the Security Policy
definition, which applies first the tunnel and then the SAs that
relate to the tunnel end points (exactly as if it was a transport mode
between SGs).

If this ECN is a good thing, I would think the information has a more
natural place in the policy database, added to the tunnel
specification (or the draft should not try to specify the
implementation details in this way).

-- 
Markku Savela (msa@hemuli.tte.vtt.fi), Technical Research Centre of Finland
Multimedia Systems, P.O.Box 1203,FIN-02044 VTT,http://www.vtt.fi/tte/staff/msa/

