Re: [Ipsec] Layer 2 processing inside IPsec
I just skimmed RFC 3095 for the first time so I might have missed
something, but I can see a couple potential problems:

- ROHC requires that the lower layer not reorder packets; whereas
IPsec includes replay protection with a sequence number, it does *not*
put packets back into their original order on receive.

- ROHC changes the encoding of header fields which are used for
access control purposes by IPsec (inner tunnel headers, payload
protocol, and transport-layer ports); a naive integration of ROHC
inside IPsec would bypass IPsec's post-decryption access controls.

- Bill
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec