Yaron Sheffer wrote:
Hi Ken,
It seems to me this field is more trouble than it's worth. We are assuming
that the hardware will be enforcing a very simplistic security policy (don't
care if it's Tunnel or Transport, don't care if it's a TCP SYN or not etc.)
and that the hardware is unable to perform anything more than extremely
basic packet parsing. Both assumptions may well be incorrect. And the cost
is in complicating the protocol and the endpoint implementations.
Have we received any review yet from companies/individuals that actually
build the hardware involved? (I'm out of that business for 8 years myself).
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
