> > > So, in fact, WESP is not an optional encapsulation of ESP. It is an > alternative to ESP with some duplicated fields (such as Next Header) > and pointers into the actual integrity-protected payload. >
Actually, the name "Wrapped ESP" (WESP) is a misnomer. :) It may have been envisaged as a wrapper over ESP, but given how it has evolved (computing ICV, etc) , its more than just a mere wrapper and is actually an alternative to ESP (as you rightly point out). However, i see no issues with this. In fact, i see this as another reason why the spec should allow WESP to be used for encryption also. Jack _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
