On Thu, Jul 04, 2024 at 09:09:46AM -0400, Michael Richardson wrote: > > Antony Antony <antony.ant...@secunet.com> wrote: > > We are proposing Encrypted ESP Ping, which will compliment/co-exist > > with draft-colitti-ipsecme-esp-ping. We welcome feedback on this > > proposal. Both authors will be present at the upcoming Vancouver IETF > and > > would love to chat about this ID and our implementation plans. Also, we > are > > planning a short presentation at IPsecME session there. > > This proposal allows the initiator to specify the SPI# in which the response > will appear. I see the utility of this, particularily for multi-SA > configurations. I'm not yet convinced this is safe, but I'm thinking about > it.
Thanks for your feedback. I am curious about your concerns. Could you share more details? One concern I imagine is responding to a different peer would cause a DoS? We specified more validations on the responder to address this problem. thanks, -antony _______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org