On Jan 4, 2012, at 10:59 AM, RJ Atkinson wrote:

> 
> On 04 Jan 2012, at 13:46, Paul Hoffman wrote:
> 
>> On Jan 4, 2012, at 10:37 AM, RJ Atkinson wrote:
>>> Neither WESP nor the other document provides a 100% reliable way 
>>> to parse-into/parse-past/deep-inspect ESP packets.  One might 
>>> wish otherwise, but the reality is that there is no 100%
>>> reliable method today.
>> 
>> Can you give an example where WESP (a protocol that was
>> done in this WG) is not 100% reliable for parse-into
>> or parse-past? If we need to change the protocol, we should.
> 
> Such packets have been encountered by prototype 
> implementations in at least one firewall.  I will
> certainly encourage those folks to share a sample
> packet here, but they don't usually show up at IETF
> and can be very shy.

Really? That's it?

> I think WESP was a valiant try, and it seems to work
> most of the time.  It is just sad that the result 
> just doesn't work in all cases.  

You still haven't justified that statement, at least in my mind. I welcome any 
of the shy people to speak up, even through a proxy such as Ran.

> An entirely separate issue is that WESP is not generally
> available yet.  One hopes that WESP support will become
> available soon, but that's not generally true now.


That is not an issue for this thread.

--Paul Hoffman

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
