stics entirely during migration. So carrying encrypted traffic in WESP is
very valuable (and in charter).
bs
-Original Message-
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Tero
Kivinen
Sent: Friday, January 08, 2010 3:58 AM
To: Brian Swander
Cc: ipsec@iet
rt of justification is needed to progress here?
bs
-Original Message-
From: Stephen Kent [mailto:k...@bbn.com]
Sent: Thursday, January 07, 2010 3:41 PM
To: Brian Swander
Cc: ipsec@ietf.org; Russ Housley
Subject: Re: [IPsec] Traffic visibility - consensus call
At 8:06 PM + 1/7/10,
to deploy,
and how can we enable them to do it.
bs
-Original Message-
From: Stephen Kent [mailto:k...@bbn.com]
Sent: Thursday, January 07, 2010 11:09 AM
To: Brian Swander
Cc: ipsec@ietf.org; Russ Housley
Subject: RE: [IPsec] Traffic visibility - consensus call
At 5:13 PM +0000 1/7/10
ither working in isolation and in complete distrust of the other.
-Original Message-
From: Brian Swander
Sent: Thursday, January 07, 2010 9:14 AM
To: 'Stephen Kent'
Cc: ipsec@ietf.org; Russ Housley; gabriel montenegro
Subject: RE: [IPsec] Traffic visibility - consensus call
I
aries - although clearly security intermediaries are important here,
too.
bs
-Original Message-
From: Stephen Kent [mailto:k...@bbn.com]
Sent: Thursday, January 07, 2010 8:10 AM
To: Brian Swander
Cc: ipsec@ietf.org; Russ Housley; gabriel montenegro
Subject: Re: [IPsec] Traffic visib
esday, January 06, 2010 1:01 PM
To: Brian Swander
Cc: ipsec@ietf.org; Russ Housley; gabriel montenegro; Stephen Kent
Subject: RE: [IPsec] Traffic visibility - consensus call
At 7:55 PM + 1/6/10, Brian Swander wrote:
>I trust my clarification (to Yaron) addressed these questions. Let
>me kn
os can leverage them, too).
bs
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Yaron
Sheffer
Sent: Wednesday, January 06, 2010 11:54 AM
To: Brian Swander; Stephen Kent
Cc: ipsec@ietf.org; Russ Housley; gabriel montenegro
Subject: Re: [IPsec] Traffic visibility - consensus
I trust my clarification (to Yaron) addressed these questions. Let me know if
there are any outstanding.
bs
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of
Stephen Kent
Sent: Wednesday, January 06, 2010 11:45 AM
To: Brian Swander
Cc: ipsec@ietf.org; Russ Housley
can't assume intermediaries must
implement heuristics.
bs
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Yaron
Sheffer
Sent: Wednesday, January 06, 2010 11:21 AM
To: Brian Swander; Stephen Kent
Cc: ipsec@ietf.org; Russ Housley; gabriel montenegro
Subject:
achines to accomplish this.
Routing infrastructure that doesn't do heuristics
Requires intermediaries that can do full ESP-NULL parsing.
bs
-Original Message-
From: Paul Hoffman [mailto:paul.hoff...@vpnc.org]
Sent: Wednesday, January 06, 2010 10:21 AM
To: Brian Swander; gabriel m
See my response to Stephen Kent, and let me know if that doesn't clarify
adequately.
bs
From: Scott C Moonen [mailto:smoo...@us.ibm.com]
Sent: Wednesday, January 06, 2010 11:00 AM
To: Brian Swander
Cc: gabriel montenegro; Russ Housley; ipsec@ietf.org; ipsec-boun...@ietf.org;
Stephen
f
Stephen Kent
Sent: Wednesday, January 06, 2010 10:37 AM
To: Brian Swander
Cc: ipsec@ietf.org; Russ Housley; gabriel montenegro
Subject: Re: [IPsec] Traffic visibility - consensus call
At 5:42 PM +0000 1/6/10, Brian Swander wrote:
The uplevel machines can't use ESP to send the encrypted
?
We must make sure that we have a solution that is deployable and useful in the
real world.
bs
-Original Message-
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Paul
Hoffman
Sent: Wednesday, January 06, 2010 9:50 AM
To: Brian Swander; gabriel montenegro; Ru
heuristics. Intermediaries would be configured
(in this scenario) to assume that ESP always means ESP-NULL.
bs
-Original Message-
From: Stephen Kent [mailto:k...@bbn.com]
Sent: Wednesday, January 06, 2010 7:07 AM
To: Brian Swander
Cc: gabriel montenegro; Russ Housley; ipsec@ietf.org
Subject:
Take a look at the policy sketch I sent our yesterday for how to roll this out
in a mixed mode environment. That should clarify all your questions.
bs
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Scott
C Moonen
Sent: Wednesday, January 06, 2010 5:38 AM
To: Venka
I'll resend my message from earlier today that gives a concrete scenario for
why the WESP encryption bit is in charter.
To satisfy the existing charter item, we need a deployable solution, which
entails working with legacy systems that don't support this functionality yet.
Here's an explic
Yes to both.
To elaborate on what Ken said, here's an explicit scenario that requires the
encrypted bit for WESP, fully within the current charter of enabling ESP-NULL
inspection.
Transport policies for within an organization that want to enable intermediary
inspection of ESP-NULL non-heurisit
I took Russ' comments about "being in the rough" to imply that we're re-opening
the consensus discussion. I'm not sure why we're reopening this, since we
already got consensus on this when it came up the first time. Since many of
our internal guys are already out for the holidays, I can't see
AH alone isn't good enough. We need solutions that also work with end-to-end
encryption.
bs
-Original Message-
From: Tero Kivinen [mailto:kivi...@iki.fi]
Sent: Tuesday, December 08, 2009 3:26 AM
To: Brian Swander
Cc: Stephen Kent; ipsec@ietf.org
Subject: Re: [IPsec] Proposed work
extension proposal
does.
bs
-Original Message-----
From: Brian Swander
Sent: Monday, December 07, 2009 10:25 AM
To: 'Stephen Kent'
Cc: ipsec@ietf.org
Subject: RE: [IPsec] Proposed work item: WESP extensibility
0 - option data does not change en-route. This option is
incl
this, and just have the end systems send fully
encrypted packets thru the now totally blind intermediaries like we have today.
bs
-Original Message-
From: Stephen Kent [mailto:k...@bbn.com]
Sent: Monday, December 07, 2009 7:46 AM
To: Brian Swander
Cc: ipsec@ietf.org
Subject: Re: [IPsec
I am interested in WESP extensibility proceeding as a chartered work item.
I will commit to reviewing the draft, and providing text. I don't need to be
a co-author.
bs
From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Yaron
Sheffer
Sent: Sunday, November 29, 2009 9:2
(Apologies if this is a dupe. I sent it out yesterday, but it still hasn't
shown up on the list yet, so I figured I better resend from a different
account).
Here is another WESP extension that we are interested in.
Packet Contents Option
0 1 2
23 matches
Mail list logo