gabriel montenegro wrote:
>I'll just comment on one item below:
>
>> As the draft says this is mostly meant for stateful devices, and that
>> has been the main goal for the document. The charter says:
>>
>> "A standards-track mechanism that allows an intermediary device, such
>> as a firewall or intrusion detection system ..."
>>
>> I.e. the main goal was set to be on the devices doing deeper
>> inspection i.e. firewalls and intrusion detection systems.
>
>Disagree completely. The charter item is a general one for intermediary devices
>(some of which are and are expected to continue being stateless).
>
>The above was just an example.
OK, so give us a counter-example. Why would a stateless device want to be able to tell the difference between ESP-AES-CBC and ESP-NULL? What policy is it trying to enforce?