Re: [IPsec] ESP's use of dummy packets?

From: Stephen Kent <kent_at_nospam>
Date: Tue Nov 13 2007 - 17:15:24 GMT
To: Joy Latten <latten@austin.ibm.com>

At 10:31 AM -0600 11/13/07, Joy Latten wrote:
>RFC 4303 introduces the use of dummy packets within ESP.
>Section 2.6 states,
> A transmitter MUST be capable of generating dummy packets marked
> with this value in the next protocol field, and a receiver MUST
> be prepared to discard such packets, without indicating an error.
>However, it is not clear to me whether an IPsec/ESP implementation MUST
>use this feature. That is, it MUST send out dummy packets at random
>intervals or in a way to shape the traffic. I interpreted the above
>statement to mean that an implementation must only have the capability.
>Further clarification if I have misinterpreted would be greatly appreciated.

Like most IETF standards, IPsec specifies capabilities of conformant implementations. It does not mandate that a user enable all of the features that MUST be present in an implementation. So, no, an implementation should not be sending dummy packets unless the user (or sys admin) instructs it to do so via appropriate config controls.
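An added example, not part of the original message and not taken from any IPsec implementation: a Python sketch of the split described above, where the transmitter is always able to build dummy packets but does so only when an administrator sets a configuration flag, and the receiver always drops them without recording an error. The next-header value 59 is the one RFC 4303 section 2.6 assigns to dummy packets; decryption and integrity checking are assumed to have already succeeded, and `SaPolicy`, `send_dummy_packets`, `RxCounters` and the function names are hypothetical.

```python
import os
from dataclasses import dataclass

IPPROTO_NONE = 59  # RFC 4303 section 2.6: next-header value marking a dummy packet

@dataclass
class SaPolicy:
    # Hypothetical per-SA config control; off unless the admin turns it on.
    send_dummy_packets: bool = False

@dataclass
class RxCounters:
    delivered: int = 0
    dummies_discarded: int = 0
    errors: int = 0

def build_plaintext(payload: bytes, next_header: int, align: int = 4) -> bytes:
    """Payload || padding || pad length || next header, as it looks before encryption."""
    pad_len = -(len(payload) + 2) % align
    padding = bytes(range(1, pad_len + 1))  # default padding bytes 1, 2, 3, ...
    return payload + padding + bytes([pad_len, next_header])

def make_dummy(policy: SaPolicy, size: int = 32):
    """The capability is always present; it is exercised only if policy says so."""
    if not policy.send_dummy_packets:
        return None
    return build_plaintext(os.urandom(size), IPPROTO_NONE)  # filler content (assumption)

def receive(plaintext: bytes, counters: RxCounters):
    """Handle ESP plaintext after decryption and ICV verification (assumed done)."""
    if len(plaintext) < 2:
        counters.errors += 1
        return None
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if next_header == IPPROTO_NONE:
        counters.dummies_discarded += 1  # silent discard: not an error, no audit event
        return None
    if pad_len > len(plaintext) - 2:
        counters.errors += 1
        return None
    counters.delivered += 1
    return next_header, plaintext[: len(plaintext) - 2 - pad_len]

if __name__ == "__main__":
    rx = RxCounters()
    print(make_dummy(SaPolicy()))                        # default policy sends nothing
    receive(make_dummy(SaPolicy(send_dummy_packets=True)), rx)
    print(receive(build_plaintext(b"hello", 6), rx), rx)
```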


