Grewal, Ken wrote:
>
> Issue #90: shorter WESP negotiation
>
> In the current traffic visibility draft, we indicate that WESP can be
> negotiated via IKEv2 using a new protocol identifier.
> Charlie Kaufman suggested that it may be plausible to use a notification
> method along the lines of USE_TRANSPORT_MODE in RFC 4306, where the type of
> transport is negotiated independently of the cryptographic parameters.
>
> Pros: Shorter negotiation using notifications.
> Cons: Some flexibility is lost in not being able to negotiate different
> crypto algorithm combinations with/without WESP.
>
> Comments / opinions appreciated...

I think the con really addresses a non-problem. I don't think anyone is going to want NULL encryption if WESP is selected, but AES-256 if regular ESP is selected. I think we should go with Charlie's suggestion.

Yoav

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec