[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec error protocol

To: "sankar ramamoorthi" <sankar@nexsi.com>
Subject: Re: ipsec error protocol
From: Stephen Kent <kent@bbn.com>
Date: Mon, 29 Jan 2001 15:24:24 -0500
Cc: <ipsec@lists.tislabs.com>
In-Reply-To: <DIEPJEEKAPMEEKEELGGCAEMACGAA.sankar@nexsi.com>
References: <DIEPJEEKAPMEEKEELGGCAEMACGAA.sankar@nexsi.com>
Sender: owner-ipsec@lists.tislabs.com

Sankar,

><snip>
>
>  >
>  >Question: what if every ESP (for instance) packet would piggy back an
>acknowledgement field (in both direction) ? That would solve quite a few
>issues, no ? And would also be much more efficient.
>  >
>
>I do not understand what you have in mind for the semantic of
>acknowledgement field.
>
>Yes, it would be nice to have an 'RECEIPT-NEEDED' and 'RECEIPT' type of
>flags
>in the ESP. It would also be nice to have versioning in ESP.
>Any reason why versioning was left out of the initial ESP design?

Good question. I think we envisioned an IKE negotiation for this, but 
it could have been done better. No place for a small version number 
up front, given alignment considerations, and if we assume a general 
need for a negotiation for an SA prior to its establishment, then 
that's the right time to find out what your peer can support, e.g., 
re versions.  For now, I see no need to create a new version of ESP. 
For example, we're planning to accommodate bigger sequence numbers 
via a negotiation but NO change in the on the wire format. Thus I 
don't see other requirements that would motivate a change to the 
format to accommodate  the sort of flags you cite.

Steve

Follow-Ups:

RE: ipsec error protocol

From: "sankar ramamoorthi" <sankar@nexsi.com>

References:

Re: ipsec error protocol

From: "sankar ramamoorthi" <sankar@nexsi.com>

Prev by Date: RE: FW: ipsec error protocol
Next by Date: Re: compliance question
Prev by thread: Re: ipsec error protocol
Next by thread: RE: ipsec error protocol
Index(es):
- Main
- Thread