Gabriel,
...
One may argue whether that consistency check is best served by
extending the ICV to include the WESP header fields (per the current
WG consensus as expressed in the existing draft), or whether that is
best done by the end nodes checking the fields explicitly.
My reply to Ken addresses the issue you raise about the need for
consistency checks. I don't think there is a misunderstanding here.
The I-D calls for such checks and I agree that they are the right
thing to do. What is at issue, in part, is whether the ESP ICV should
have been extended to cover the WESP header. My view, and that of
several other folks, is that it should not have been done, for the
reasons I cited previously. This aspect of the current I-D could be
fixed by having WESP have NO ICV, or by having WESP include its own
ICV, which would call for nested processing by hosts. As I explained
in my reply to Ken, extending the ESP ICV does not achieve the same
effect, so this is not an "either or" situation.
On a broader note, as Paul and Russ noted, the IESG gets to decide
whether a WG-approved I-D will be published as an RFC (modulo appeals
to the IAB, etc.). The IETF last call allows anyone, even members of the
WG that approved an I-D, to raise questions that the IESG will
consider as part of the approval process. I've had over 15 years of
experience as a WG chair (opening for Paul to make a snide comment
:-)) and I have had WG members raise questions during IETF LC, after
WG consensus has been achieved. This is how our process works. Also,
even in the face of WG consensus, an AD may request changes to a
document. This is not uncommon. When this has happened in the PKIX
context, the WG chairs and document authors have discussed the
requested changes with the AD and we have almost always made the
changes. Sometimes this has required another WGLC.
Steve