
RE: ipsec error protocol



>From: Stephen Kent [kent@bbn.com]
>Sent: Monday, January 29, 2001 12:24 PM
>To: sankar ramamoorthi
>Cc: ipsec@lists.tislabs.com
>Subject: Re: ipsec error protocol
>
>Sankar,
>
>><snip>
>>
>>  >
>>  >Question: what if every ESP (for instance) packet would piggy back an
>>  >acknowledgement field (in both directions)? That would solve quite a few
>>  >issues, no? And would also be much more efficient.
>>  >
>>
>>I do not understand what you have in mind for the semantic of
>>acknowledgement field.
>>
>>Yes, it would be nice to have a 'RECEIPT-NEEDED' and 'RECEIPT' type of
>>flags in the ESP. It would also be nice to have versioning in ESP.
>>Any reason why versioning was left out of the initial ESP design?
>
>Good question. I think we envisioned an IKE negotiation for this, but 
>it could have been done better. No place for a small version number 
>up front, given alignment considerations, and if we assume a general 
>need for a negotiation for an SA prior to its establishment, then 
>that's the right time to find out what your peer can support, e.g., 
>re versions.

I was trying to understand why versioning was left out in the
initial design. Thanks for the backgrounder.

> For now, I see no need to create a new version of ESP. 

I agree the flags I was citing do not make any compelling reason
to change the on-the-wire protocol, nor was I making a case for one.
It was more of a what-if-we-had kind of thinking which led to
the versioning question.

-- sankar --




