Hi Pasi,

The text for explicitly checking the fields was added in and this was followed by adding the ICV check for simplification, without removing the aforementioned text, hence we ended up with both 'checks'!

Based on subsequent discussions, the WG appears to be in favor of removing the extended ICV and keeping the explicit checks, so we will incorporate the appropriate modifications for this and other items raised when the next rev of the document is generated.

Thanks,
- Ken

>-----Original Message-----
>From: [email protected] [mailto:[email protected]]
>Sent: Monday, January 11, 2010 12:29 AM
>To: Grewal, Ken
>Cc: [email protected]
>Subject: RE: [IPsec] Traffic visibility - consensus call
>
>Ken Grewal wrote:
>
>> The either-or on using an ICV or explicitly checking the WESP header
>> on the recipient was based on the assumption that the threat does
>> not come from the sender and only from some other malicious entity
>> after the packet has been sent.
>>
>> This was the reason for simplifying the header check by using the
>> ICV, instead of explicitly checking every field.
>
>Note that the current draft *does* explicitly check every field.
>Are you proposing removing those checks?
>
>Best regards,
>Pasi
>(not wearing any hats)

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
