On Jan 4, 2012, at 10:59 AM, RJ Atkinson wrote:

> On 04 Jan 2012, at 13:46 , Paul Hoffman wrote:
>
>> On Jan 4, 2012, at 10:37 AM, RJ Atkinson wrote:
>>> Neither WESP nor the other document provide a 100% reliable way
>>> to parse-into/parse-past/deep-inspect ESP packets. One might
>>> wish otherwise, but the reality is that there is no 100%
>>> reliable method today.
>>
>> Can you give an example where WESP (a protocol that was
>> done in this WG) is not 100% reliable for parse-into
>> or parse-past? If we need to change the protocol, we should.
>
> Such packets have been encountered by prototype
> implementations in at least one firewall. I will
> certainly encourage those folks to share a sample
> packet here, but they don't usually show up at IETF
> and can be very shy.

Really? That's it?

> I think WESP was a valiant try, and it seems to work
> most of the time. It is just sad that the result
> just doesn't work in all cases.

You still haven't justified that statement, at least in my mind. I welcome any of the shy people to speak up, even through a proxy such as Ran.

> An entirely separate issue is that WESP is not generally
> available yet. One hopes that WESP support will become
> available soon, but that's not generally true now.

That is not an issue for this thread.

--Paul Hoffman
