
Re: On the Use of SCTP with IPsec




Stephen Kent wrote:

> I'll have to look into the proposal in more detail, but it does seem 
> that it might entail potentially greater steady state processing 
> costs. Also, if I understand your comment, you're suggesting that we 
> can keep current IKE payload formats, but change the processing of 
> the content, which really is a protocol change. I'm not sure it's 
> preferable to focus so much on preservation of formats vs. processing 
> in this case; either is a change of the protocol in the bigger 
> implementation sense, right?

You change the bits on the wire, it's a protocol change. And the
bits would be changed, new kinds of identification would be allowed.

But note what Angelos & co are suggesting is a new kind of value
for one of the payloads. As _opposed_ to having more payloads
at the highest level of a message. In my experience adding new
kinds of values to payloads is easier in most implementations
than changing the top-level structure of IKE messages. Perhaps
not as easy as adding a new algorithm value, but still... I like
the choice they have made.

Jari




