RE: [Ipsec] Layer 2 processing inside IPsec

[Stephen Kent <kent@bbn.com>]

At 6:26 PM +0200 7/2/04, Francois.PAUL@fr.thalesgroup.com wrote:
>This is the reason why it is proposed to insert decompression *between*
>decryption and policy enforcement. Once the encrypted payload is decrypted,
>if the "next header" field shows that it is a ROHC-compressed packet, the
>appropriate decompressor is applied, which produces a regular IPv4 or IPv6
>packet header. Then, the classical IPsec access control checks are applied.
>
>This is described in details in Jan Vilhuber's proposal, though the present
>draft invokes compression schemes (not so) different from ROHC.
>
>F. Paul
>

Thanks for the clarification. it was just the choice of words that 
made it confusing to me.  Look at the new processing model in 
2401bis, and see how you would describe the processing in that 
context, to make sure this is consistent with that model.

Steve

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec