All,

As we prepare to submit the next revision of the WESP draft, we wanted to get some discussion / feedback on some open ticket items.

Issue #93: Next Header field to provide the value for the tunneled packet if using tunnel mode

In the current traffic visibility draft, we indicate that the next header value in the WESP header is equal to the next header value in the ESP trailer. Charlie Kaufman suggested that middle boxes may not want to differentiate between tunnel / transport mode and just get to the payload, i.e. consider providing the tunneled protocol value in the WESP next header field in the case of tunnel mode, with the WESP offset pointing to the tunneled payload.

Pros: easier parsing for intermediary devices
Cons: lose consistency between next header in WESP and in ESP trailer - any security concerns?

Comments / opinions appreciated...

Thanks,
- Ken