
RE: I-D ACTION:draft-ietf-ipsec-udp-encaps-00.txt



What is the purpose/motivation behind the AH Envelope?  It seems like
needless overhead to me.

What is the purpose/motivation of the long period (default 5 minutes)
keepalive mentioned in the second paragraph of section 4?

Why bother providing even a MAY for support of AH?  Only support for IPv4 AH
is specified, in which case ESPNULL provides practically the same protection
(yes AH protects 3 historic security options, the router alert option which
is noted to be incompatible with IPsec, and the multi-destination delivery
option but how often are these options actually used?).  In the past people
have been jumping up and down about IKE/IPsec already being too complex.  I
think this is a case where added complexity provides very little benefit.

Just for the fun of causing trouble and stoking fires:  I noticed that the
NAT-traversal drafts were published under the auspices of the WG instead of
as individual submissions.  I thought there was an edict that the WG would
not support changes to IKE/IPsec.  Has the edict been dropped, or is it a
wishy-washy edict, or are IDs with lots of authors from powerful companies
exempt?
 
-dave