I support advancing this document, and I think the explanations and pseudo code are good.
I do, however, question the value of it in real life.
Security policies of the deep inspection kind usually are something like:
I'm sure anything enforcing a policy like this will anyway drop ESP-non-null, because it doesn't look like one of those allowed protocols. However, YMMV so I support publishing this draft.
On Sep 17, 2009, at 11:28 PM, Yaron Sheffer wrote:
> This is to begin a 2 week working group last call for
> draft-ietf-ipsecme-esp-null-heuristics-01. The target status for this
> document is Informational.
> Please send your comments to the ipsec list by Oct. 1, 2009, as
> follow-ups to this message.
> Note that this document has had very little review until now. We
> will only progress it as a WG document if we have at least 3
> non-editor, non-WG chair reviewers who have read it and approve of it.
> And yes, this means the pseudocode, too. There has been strong
> support of ESP-null detection, so this document is likely to be
> widely implemented. Your review will mean a lot to the technical
> quality of this document.
> Please clearly indicate the position of any issue in the Internet
> Draft, and if possible provide alternative text. Please also
> indicate the nature or severity of the error or correction, e.g.
> major technical, minor technical, nit, so that we can quickly judge
> the extent of problems with the document.
> The document can be accessed here: