Paul Wouters <p...@nohats.ca> wrote:
>> You could also just say that ASBRs are presumed to be communicating
>> within a well-managed environment, are often zero or one hops away from
>> one another, and that this environment MUST accommodate the larger MTU
>> for tunnel-mode IPsec encapsulation.
> If it’s such a trusted one hop, why do you need IPsec to signal a traffic
label?
It's not one hop. It could transit multipls ASs.
That's why they are so concerned about MTU, and why IPTFS might help make
this deployable.
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
