In your previous mail you wrote:

   >Because diffserv has a problem if it needs to re-classify encrypted
   >traffic, since the port & protocol #s are hidden. However, the idea
   >of an extension header is *much* better than subverting the flow
   >label.
   >
   
   Apart from the fact that I don't understand why diffserv would need to 
   reclassify something that has already been classified, I don't think 
   that we can manage an extension header.

=> reclassification will occur when a domain boundary is crossed because
it is not easy/possible to get an SLA with all the crossed ISPs...
According to Brian, this was discussed in the DiffServ community and
is accepted as a fact (even if many believe this is *not* the best thing).

   I tried -- the tf-esp effort 
   -- but there was too much opposition, including several IAB and IESG 
   members, and a lot of the IPsec community.
   
=> the context is a bit different because there is a real advantage in
revealing/giving some info. In the previous attempt the argument was: either
you say what is in your packet or we'll drop it on the floor. Of course
this was very hard for the IPsec community to accept...
My concern is more about our hardware colleagues: is this kind of
solution easy and cheap enough to implement?

Thanks

[EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
