Two issues: AH death, and SA identification

[ji@research.att.com]

I'm probably going to get lynched for this, but here it is anyway:

Let's get a new protocol number, call it something like SESP (SPI-only
ESP), and use that as the protocol that only uses the SPI as a
selector.  This way we don't have to touch AH or ESP, and most of the
code can be shared between ESP and SESP. 

Another option is to reserve the top bit of the SPI to indicate
RFC2401 processing (proto, dst addr, SPI are all significant) or not
(only SPI is significant).  Either way, implementations that keep
separate SPI tables for AH and ESP would not be affected, as they
would still get to chose the SPI for themselves.

/ji

--
 /\  ASCII ribbon  |  John "JI" Ioannidis * Secure Systems Research Department
 \/    campaign    |  AT&T Labs - Research * Florham Park, NJ 07932 * USA
 /\    against     |  "Intellectuals trying to out-intellectual
/  \  HTML email.  |   other intellectuals" (Fritz the Cat)

---

Follow-Ups:

• Re: Two issues: AH death, and SA identification
• From: Markku Savela <msa@burp.tkv.asdf.org>

---

• Prev by Date: RE: Death to AH (was Re: SA identification)
• Next by Date: RE: Death to AH (was Re: SA identification)
• Prev by thread: Re: Death to AH Now
• Next by thread: Re: Two issues: AH death, and SA identification
• Index(es):
  • Main
  • Thread