[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Ipsec] Layer 2 processing inside IPsec
At 6:26 PM +0200 7/2/04, Francois.PAUL@fr.thalesgroup.com wrote:
>This is the reason why it is proposed to insert decompression *between*
>decryption and policy enforcement. Once the encrypted payload is decrypted,
>if the "next header" field shows that it is a ROHC-compressed packet, the
>appropriate decompressor is applied, which produces a regular IPv4 or IPv6
>packet header. Then, the classical IPsec access control checks are applied.
>
>This is described in details in Jan Vilhuber's proposal, though the present
>draft invokes compression schemes (not so) different from ROHC.
>
>F. Paul
>
Thanks for the clarification. it was just the choice of words that
made it confusing to me. Look at the new processing model in
2401bis, and see how you would describe the processing in that
context, to make sure this is consistent with that model.
Steve
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec