Paul Hoffman writes: > > Title : Heuristics for Detecting ESP-NULL packets > Soooo, that was two months ago, and there has been no discussion. > Has anyone other than the document authors (and the WESP authors) > read the document? Does the WG find this to be useful? > > Tero and Dan: have you found anything that you want to change?
We did receive few comments that might be added to the draft, those were about the GCM IV (i.e. they might not be random, but might be counter, which means they might have lots of zeroes in the beginning, and that might affect the heuristics a bit), and another were about adding some section about how end-nodes can make small changes to make the heuristics more efficient (i.e. use more than minimal number of padding, for first few packets for new SA, and make sure GCM IVs look random enough, so they cannot be confused for TCP or UDP headers). I have not made those changes, as I am not sure if we want to even add both of them. I was mostly waiting for more comments and then think again about whether to add those or not. Ps. I am currently on vacation until IETF, so I am reading my emails very randomly... -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec