[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: On the Use of SCTP with IPsec
Stephen Kent wrote:
> I'll have to look into the proposal in more detail, but it does seem
> that it might entail potentially greater steady state processing
> costs. Also, if I understand your comment, you're suggesting that we
> can keep current IKE payload formats, but change the processing of
> the content, which really is a protocol change. I'm not sure its
> preferable to focus so much on preservation of formats vs. processing
> in this case; either is a change of the protocol in the bigger
> implementation sense, right?
You change the bits on the wire, it's a protocol change. And the
bits would be changed, new kinds of identification would be allowed.
But note what Angelos & co are suggesting is a new kind of value
for one of the payloads. As _opposed_ to having more payloads
at the highest level of a message. In my experience adding new
kinds of values to payloads is easier in most implementations
than changing the top-level structure of IKE messages. Perhaps
not as easy as adding a new algorithm value, but still... I like
the choice they have made.
Jari
References: