[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Ipsec] Layer 2 processing inside IPsec
At 8:10 PM +0200 6/30/04, Francois.PAUL@fr.thalesgroup.com wrote:
>I summarize hereafter the main points that arise from the different messages
>posted to this list :
> - Combining ROHC (or whichever generic compression frameworks suits) and
>IPsec in an efficient way leads to an integration of ROHC in the middle of
>IPsec. From the IPsec framework point of view, this could take the form ESP
>used in tunnel mode, but with a specific "next header" value different from
>"IP", in order for the policy enforcement processing to take place just
>after decryption and decompression, along the lines of what Jan Vilhuber
>proposed.
tunnel mode requires that the next header be IP (v4 or v6) because
that header is used for the access control checks. So I don't
understand your description above.
Steve
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec