ipsec September 2009 archive

Re: [IPsec] Relating the two ESP-null documents

From: Tero Kivinen <kivinen_at_nospam>
Date: Thu Sep 03 2009 - 11:50:47 GMT
To: Paul Hoffman <paul.hoffman@vpnc.org>

Paul Hoffman writes:
> At 3:50 PM +0300 8/24/09, Tero Kivinen wrote:
> >So would this text be added to both documents or what?
> It should go in both. That way, an implementer a year from now who
> comes across one of the RFCs will both find out about the other and
> be clear on the relationship.
> >If so where
> >(between section 2 and 3 in esp-null-heuristics and after or replacing
> >section 1.2 of traffic-visibility draft)?
> My preference for esp-null-heuristics is that this applicability
> statement be section 1.1, and that what is now section 2 (the 2119
> language) become section 1.2.

Posted new version of the draft now to the repository.

Changes are:

  • Added applicability statement
  • Processed comments from Yaron
    • Added comment about UDP-encapsulated ESP and IPsec flows to new section 7.
    • Fixed typos
    • Added text to security considerations section that attacker can bypass inspection by other encapsulation methods too.
  • Processed comments from David McGrew
    • Added text about IV not necessarily being random
    • Added text about minimal padding
  • Removed the "XXX TBA -- including possible chunk-specific checking" from SCTP section (if someone provides me text about that, I will add it).
  • Added some more comments to the pseudocode
-- 
kivinen@iki.fi
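The change list above mentions minimal padding, UDP-encapsulated ESP and the heuristics pseudocode. The following Python is an added illustration of the kind of structural checks an inspector can apply to a candidate ESP-NULL packet; it is not the draft's pseudocode and not code from Tero Kivinen or the IPsecME working group. It assumes the caller supplies a candidate ICV length (an inspector would try the common ones in turn), the table of plausible Next Header values is the example's own assumption, and the sample packet is constructed inline rather than captured. Consistent with the note that an IV need not be random, nothing here tests the entropy of leading bytes; every verdict comes from the trailer layout (RFC 4303) and the inner header.

```python
import struct

# Next Header values a sane ESP-NULL inner packet is likely to carry.
# Assumption of this example, not a list from the draft; extend as needed.
PLAUSIBLE_NEXT_HEADERS = {1: "ICMP", 4: "IPv4", 6: "TCP", 17: "UDP", 41: "IPv6", 58: "ICMPv6"}


def split_esp_null(esp, icv_len):
    """Split an ESP packet assuming NULL encryption (cleartext trailer) and an
    ICV of icv_len bytes.  Returns None when the bytes cannot be ESP under that
    assumption, e.g. the Pad Length byte points past the start of the body."""
    if len(esp) < 8 + 2 + icv_len:
        return None
    spi, seq = struct.unpack("!II", esp[:8])
    end = len(esp) - icv_len
    body, icv = esp[8:end], esp[end:]
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 2:
        return None
    cut = len(body) - 2 - pad_len
    return {"spi": spi, "seq": seq, "payload": body[:cut],
            "pad": body[cut:len(body) - 2], "pad_len": pad_len,
            "next_header": next_header, "icv": icv}


def inner_header_plausible(next_header, payload):
    """Cheap sanity checks on the inner header, keyed on Next Header."""
    if next_header == 17:   # UDP: length field must cover the whole inner datagram
        return len(payload) >= 8 and struct.unpack("!H", payload[4:6])[0] == len(payload)
    if next_header == 6:    # TCP: data offset is 5..15 words and lies inside the payload
        if len(payload) < 20:
            return False
        doff = payload[12] >> 4
        return 5 <= doff <= 15 and doff * 4 <= len(payload)
    if next_header == 4:    # IPv4 in tunnel mode: version, IHL and total length agree
        if len(payload) < 20:
            return False
        ver, ihl = payload[0] >> 4, payload[0] & 0x0F
        total = struct.unpack("!H", payload[2:4])[0]
        return ver == 4 and ihl >= 5 and total == len(payload)
    return next_header in PLAUSIBLE_NEXT_HEADERS


def esp_null_checks(esp, icv_len):
    """Run each heuristic separately so a rejection is explainable."""
    parts = split_esp_null(esp, icv_len)
    if parts is None:
        return {"parsable": False}
    payload, pad_len = parts["payload"], parts["pad_len"]
    return {
        "parsable": True,
        "spi_nonzero": parts["spi"] != 0,
        "next_header_plausible": parts["next_header"] in PLAUSIBLE_NEXT_HEADERS,
        # RFC 4303 default padding is the byte sequence 1, 2, 3, ...
        "pad_default": parts["pad"] == bytes(range(1, pad_len + 1)),
        # With NULL encryption only 4-byte alignment of the trailer forces padding,
        # so minimal padding is under 4 bytes and makes payload + pad + 2 a multiple of 4.
        "pad_minimal": pad_len < 4 and (len(payload) + pad_len + 2) % 4 == 0,
        "inner_plausible": inner_header_plausible(parts["next_header"], payload),
    }


def looks_like_esp_null(esp, icv_len):
    return all(esp_null_checks(esp, icv_len).values())


def classify_udp4500_payload(udp_payload):
    """RFC 3948 demultiplexing of a UDP/4500 payload: a single 0xFF byte is a
    NAT-keepalive, a 4-byte zero Non-ESP Marker prefixes IKE, anything else is
    UDP-encapsulated ESP whose header (non-zero SPI) starts at offset 0."""
    if udp_payload == b"\xff":
        return "nat-keepalive", b""
    if udp_payload[:4] == b"\x00\x00\x00\x00":
        return "ike", udp_payload[4:]
    return "esp", udp_payload


def build_sample():
    """Constructed ESP-NULL packet (not a real capture): transport-mode UDP inside
    ESP with default padding and a 12-byte placeholder ICV (HMAC-SHA1-96 size)."""
    inner_udp = struct.pack("!HHHH", 53, 1234, 11, 0) + b"abc"   # 11 bytes
    pad = bytes([1, 2, 3])                                       # 11 + 3 + 2 = 16
    trailer = bytes([len(pad), 17])                              # Pad Length, Next Header
    icv = b"\xaa" * 12
    return struct.pack("!II", 0x1234, 1) + inner_udp + pad + trailer + icv


if __name__ == "__main__":
    sample = build_sample()
    print(esp_null_checks(sample, 12))
    print(looks_like_esp_null(sample, 12), looks_like_esp_null(sample, 16))
    print(classify_udp4500_payload(b"\x00\x00\x00\x00" + b"IKE header follows"))
```

Trying the sample with the wrong ICV length (16 instead of 12) makes the Pad Length byte land on inner data and the parse is rejected, which is the behaviour an inspector relies on when it iterates over candidate ICV sizes. Overwriting the pad bytes with zeros keeps the packet parsable but fails only the pad_default check, so the per-check dictionary shows exactly which assumption a flow violates.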