Hi Michael,

> I do not agree that WESP provides the service desired. 
> WESP requires cooperation (and therefore upgrade) of the end points.
> 
> What AH does that ESP NULL does not, is that it guarantees that the things 
> after the AH header are in fact in the clear.  One can in fact, ignore the AH 
> header completely (even on the receiving node!), and still process the 
> entire packet.  Not so with ESP!  

You have this information with WESP as well. You definitely know that the 
packet is sent in clear with WESP. Just as you can use ESP with manual keying, 
you can use WESP too.

Obviously the end nodes need to implement WESP, but then they also need to 
implement AH if that's what they want to use.

Cheers, Manav
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
