RE: [Ipsec] Layer 2 processing inside IPsec

[Stephen Kent <kent@bbn.com>]

At 8:10 PM +0200 6/30/04, Francois.PAUL@fr.thalesgroup.com wrote:
>I summarize hereafter the main points that arise from the different messages
>posted to this list :
>   - Combining ROHC (or whichever generic compression frameworks suits) and
>IPsec in an efficient way leads to an integration of ROHC in the middle of
>IPsec. From the IPsec framework point of view, this could take the form ESP
>used in tunnel mode, but with a specific "next header" value different from
>"IP", in order for the policy enforcement processing to take place just
>after decryption and decompression, along the lines of what Jan Vilhuber
>proposed.

tunnel mode requires that the next header be IP (v4 or v6) because 
that header is used for the access control checks. So I don't 
understand your description above.

Steve

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec