ipsec November 2007 archive
Main Archive Page > Month Archives  > ipsec archives
ipsec: Re: [IPsec] ESP's use of dummy packets?

Re: [IPsec] ESP's use of dummy packets?

From: Stephen Kent <kent_at_nospam>
Date: Tue Nov 13 2007 - 17:15:24 GMT
To: Joy Latten <latten@austin.ibm.com>


At 10:31 AM -0600 11/13/07, Joy Latten wrote:
>RFC 4303 introduces the use of dummy packets within ESP.
>Section 2.6 states,
> A transmitter MUST be capable of generating dummy packets marked
> with this value in the next protocol field, and a receiver MUST
> be prepared to discard such packets, without indicating an error.
>
>However, it is not clear to me whether an IPsec/ESP implementation MUST
>use this feature. That is, it MUST send out dummy packets at random
>intervals or in a way to shape the traffic. I interpreted the above
>statement to mean that an implementation must only have the capability.
>
>Further clarification if I have misinterpreted would be greatly appreciated.
>
>regards,
>Joy

Like most IETF standards, IPsec specifies capabilities of conformant implementations. It does not mandate that a user enable all of the features that MUST be present in an implementation. So, no, an implementation should not be sending dummy packets unless the user (or sys admin) instructs it to do so via appropriate config controls.

Steve



IPsec mailing list
IPsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec