Agreed - minor issue for the 'con', but needed to be raised. We actually added in a notification method to 'negotiate' WESP in the updated revision of the draft.
Look forward to other opinions on this approach...

Thanks,
- Ken

>-----Original Message-----
>From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Yoav Nir
>Sent: Saturday, May 02, 2009 2:41 PM
>To: Grewal, Ken; ipsec@ietf.org
>Subject: Re: [IPsec] Issue #90: Shorter WESP negotiation
>
>Grewal, Ken wrote:
>>
>> Issue #90: shorter WESP negotiation
>>
>> In the current traffic visibility draft, we indicate that WESP can be
>> negotiated via IKEv2 using a new protocol identifier.
>> Charlie Kaufman suggested that it may be plausible to use a notification
>> method along the lines of USE_TRANSPORT_MODE in RFC 4306, where the type of
>> transport is negotiated independently of the cryptographic parameters.
>>
>> Pros: Shorter negotiation using notifications.
>> Cons: Some flexibility is lost in not being able to negotiate different
>> crypto algorithm combinations with/without WESP.
>>
>> Comments / opinions appreciated...
>
>I think the con really addresses a non-problem. I don't think anyone is
>going to want NULL encryption if WESP is selected, but AES-256 if regular
>ESP is selected. I think we should go with Charlie's suggestion.
>
>Yoav
>Email secured by Check Point
>_______________________________________________
>IPsec mailing list
>IPsec@ietf.org
>https://www.ietf.org/mailman/listinfo/ipsec