Dear Sowmini: Thanks for asking about our I-D.
> El 17 jun 2016, a las 23:26, Sowmini Varadhan <[email protected]> > escribió: > > On (06/17/16 20:50), Linda Dunbar wrote: >> - Section 8.1: Page 11: Bullet 1: >> You stated that the node sends the first packet to Controller for the >> controller to determine if the traffic needs to go through IPSec tunnel. >> > > I had a related question Section 8.2, #2 as well: is the first > data packet in the clear or not? If it is not in the clear, how > can you determine the flow in the general case? [Rafa] Please be aware that, if ESP (AH does not encrypt the packet) has been applied to the packet before reaching the GW1 the IP header of that packet is still visible (it is not encrypted). And based on that information there would be SPD entries so that the IPsec implementation would act based on that visible information. Thus, adding the controller does not change that behavior. So I am not sure the issue/problem you may have in mind. > If it is in > the clear, what is the scope of the security consideration? [Rafa] Not sure about what do you mean? Are you referring to section 9 or other aspect? > > --Sowmini > > > _______________________________________________ > IPsec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ipsec ------------------------------------------------------- Rafael Marin Lopez, PhD Dept. Information and Communications Engineering (DIIC) Faculty of Computer Science-University of Murcia 30100 Murcia - Spain Telf: +34868888501 Fax: +34868884151 e-mail: [email protected] ------------------------------------------------------- _______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
