On Thu, January 5, 2012 6:23 am, Tero Kivinen wrote:
> Bhatia, Manav (Manav) writes:
[snip]
>> If a WG ends up mandating AH (when ESP could have been used) then
>> Yes it's a problem for everyone, right from the vendors to the
>> users, who have to now support AH too in their products and
>> netw
Hi Yoav,
I see some potential of using WESP in the routing protocols where it helps the
end nodes in prioritizing certain control packets over the others.
One could argue that the end nodes know that the packets are NULL encrypted and
could use regular ESP as well. The problem with this is tha
On Jan 5, 2012, at 4:37 PM, Bhatia, Manav (Manav) wrote:
>
>> Getting WESP implemented to the boxes will require a lot of time.
>> There are still lots of boxes which do not even support IKEv2 (which is
>> required for
>> WESP) and IKEv2 has been out for 6 years already. AH might already be
>
Bhatia, Manav (Manav) writes:
>
> > Getting WESP implemented to the boxes will require a lot of time.
> > There are still lots of boxes which do not even support IKEv2
> > (which is required for WESP) and IKEv2 has been out for 6 years
> > already. AH might already be
>
> WESP can be used with ma
> Getting WESP implemented to the boxes will require a lot of time.
> There are still lots of boxes which do not even support IKEv2 (which is
> required for
> WESP) and IKEv2 has been out for 6 years already. AH might already be
WESP can be used with manual keying the way routing protocols tod
I don't understand why this discussion is needed.
AH is end-to-end, and the transformations to be used
for the connection are negotiated with key negotiation
and configured policies.
If end points don't want to use AH for whatever
reason (like not implemented), they are not asking for it.
If end po
Bhatia, Manav (Manav) writes:
> Hi Sean,
>
> All I am saying is this:
>
> There are many implementations that don't support AH as 4301 has a
> MAY support clause for AH.
Just noting that the same is true for WESP. It is not mandatory to
implement, and I would claim there are way more implementations
Bhatia, Manav (Manav) writes:
> > There is no evidence of any recent change either to the operational
> > circumstances or to the available alternatives. So no update is
> > appropriate at this time.
>
> One major recent change is the publication of WESP [RFC 5840] and
> the standard for using
Hi Sean,
All I am saying is this:
There are many implementations that don't support AH as 4301 has a MAY support
clause for AH.
Many people don't understand this. You could argue that it's trivial and they
should know this, but this ain't an ideal world and people don't realize this.
Even withi