
ikev2-05: encrypted payload, next payload field



Hi,

I'm not sure whether this has been already discussed;
but here goes.

What is the motivation for the current description of
the Encrypted payload?

Since the draft is now essentially copying the ESP format
for use with the Encrypted payload, why not go all the
way?  Instead of putting the type of the first encrypted
payload into the plaintext header, why not put it into
the "trailer" part of the encrypted portion, as ESP does?

This way, the next payload field would have no special
significance.  It would be zero if the Encrypted payload
was last in the message;  if it wasn't the last, it would
have the ordinary IKE meaning.  No information about
encrypted payload types would be leaked, and if necessary
in the future, multiple Encrypted payloads could be used
in a message.

-Sami
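
Added example (not part of the original message, and not code from the draft): a sketch of the two layouts discussed above, showing what the cleartext header of the Encrypted payload exposes in each. The payload type numbers are the ones later assigned in RFC 7296, the SHA-256 keystream is only a stand-in for the negotiated cipher, the IV and integrity checksum are omitted, and all function names are hypothetical.

```python
import hashlib
import struct

# Payload type numbers as later assigned in RFC 7296; illustration only.
NONE, IDI, AUTH = 0, 35, 39

def header(next_payload, body_len):
    # Generic payload header: next payload, flags/reserved, total length.
    return struct.pack("!BBH", next_payload, 0, 4 + body_len)

def chain(payloads):
    # Serialise (type, body) pairs; each header names the type that follows.
    types = [t for t, _ in payloads[1:]] + [NONE]
    return b"".join(header(n, len(b)) + b for n, (_, b) in zip(types, payloads))

def stand_in_cipher(key, data):
    # SHA-256 keystream XOR: placeholder for the negotiated cipher, NOT secure.
    stream = b"".join(hashlib.sha256(key + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_draft(key, payloads, pad=3):
    # Draft layout: the first inner type sits in the cleartext header.
    plain = chain(payloads) + bytes(pad) + bytes([pad])
    return header(payloads[0][0], len(plain)) + stand_in_cipher(key, plain)

def seal_esp_style(key, payloads, following=NONE, pad=3):
    # Proposed layout: trailer is pad, pad length, first inner type (as in ESP).
    plain = chain(payloads) + bytes(pad) + bytes([pad, payloads[0][0]])
    return header(following, len(plain)) + stand_in_cipher(key, plain)

def observer_view(sealed):
    # What a passive observer reads from the cleartext next payload field.
    return sealed[0]

def open_esp_style(key, sealed):
    # Receiver: decrypt, read the first inner type from the trailer, strip padding.
    plain = stand_in_cipher(key, sealed[4:])
    pad, first = plain[-2], plain[-1]
    return first, plain[:-2 - pad]

KEY = b"constructed-demo-key"  # constructed sample key
INNER = [(IDI, b"alice@example.test"), (AUTH, b"\x01" * 16)]  # constructed sample

if __name__ == "__main__":
    print("draft layout, observer sees type:", observer_view(seal_draft(KEY, INNER)))
    print("ESP-style layout, observer sees type:", observer_view(seal_esp_style(KEY, INNER)))
    print("receiver recovers first type:", open_esp_style(KEY, seal_esp_style(KEY, INNER))[0])
```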

