Re: [Ipsec] I-D Action:draft-hoffman-esp-null-protocol-00.txt
Scott C Moonen <smoonen@us.ibm.com> Mon, 27 August 2007 14:57 UTC
To: IPsec WG <ipsec@ietf.org>
Would you consider instead reserving a certain range of ESP SPI values for this use? This would avoid consuming two additional protocols, and would localize the solution to the SA management architecture (manual configuration or IKE) without any need for TCP/IP changes or even any changes to the IKE proposals sent. The downside of course is that existing implementations will fail to honor this, but environments that need this behavior will require updated implementations regardless of the approach chosen.

It also occurs to me that we could define IP options that asserted NULL ESP, although that seems less elegant and efficient.

Scott Moonen (smoonen@us.ibm.com)
http://www.linkedin.com/in/smoonen

Stephen Kent <kent@bbn.com>
08/27/2007 10:16 AM
To: Paul Hoffman <paul.hoffman@vpnc.org>
cc: IPsec WG <ipsec@ietf.org>
Subject: Re: [Ipsec] Fwd: I-D Action:draft-hoffman-esp-null-protocol-00.txt

At 6:57 PM -0700 8/24/07, Paul Hoffman wrote:
> Greetings again. David McGrew and I have put together a proposal
> that should help end the ESP NULL vs. AH debate. In that debate, the
> primary argument for AH is "packet-inspecting firewalls don't know
> whether or not to look inside an ESP packet". With this proposal,
> they will know better.
>
> Please let us know what you think.

Paul,

This should work. The only question is whether the community is willing to consume two protocol numbers to address the problem.

Steve

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
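The SPI-range idea in the message above, seen from the inspecting firewall's side, as an added example that is not part of the original thread or of any draft. The range `NULL_SPI_RANGE` and the fixed 12-byte ICV length are assumptions made for illustration (no such range is assigned), and the sample packet is constructed.

```python
import struct

ESP_PROTO = 50                        # IANA protocol number for ESP
# Hypothetical reserved range, assumed here only to illustrate the proposal.
NULL_SPI_RANGE = range(0x00010000, 0x00020000)
ICV_LEN = 12                          # assumption: 96-bit ICV on every ESP-NULL SA

def classify(packet: bytes):
    """Return (verdict, inner_protocol, inner_payload) for one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("not-ipv4", None, None)
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        return ("malformed", None, None)
    if packet[9] != ESP_PROTO:
        return ("not-esp", None, None)
    esp = packet[ihl:]
    if len(esp) < 8:
        return ("malformed", None, None)
    spi, _seq = struct.unpack("!II", esp[:8])
    if spi not in NULL_SPI_RANGE:
        return ("opaque", None, None)  # possibly encrypted: do not look inside
    # ESP-NULL layout: header(8) | payload | padding | pad_len | next_hdr | ICV
    trailer_end = len(esp) - ICV_LEN
    if trailer_end < 8 + 2:
        return ("malformed", None, None)
    pad_len, next_hdr = esp[trailer_end - 2], esp[trailer_end - 1]
    payload_end = trailer_end - 2 - pad_len
    if payload_end < 8:
        return ("malformed", None, None)
    return ("esp-null", next_hdr, esp[8:payload_end])

def build_sample(spi: int, inner: bytes, next_hdr: int = 6) -> bytes:
    """Constructed test packet: minimal IPv4 header + ESP with a zeroed ICV."""
    pad_len = (-(len(inner) + 2)) % 4
    pad = bytes(range(1, pad_len + 1))
    esp = (struct.pack("!II", spi, 1) + inner + pad
           + bytes([pad_len, next_hdr]) + bytes(ICV_LEN))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(esp), 0, 0, 64,
                     ESP_PROTO, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + esp
```

The middlebox holds no key and cannot check the ICV, so the verdict is only as reliable as the endpoints' SPI allocation.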