Hi Tero, [clipped]

> And why would routing protocols need to use WESP, I would assume
> they use ESP-NULL instead. In addition if you use manual keying

Sigh. We've gone through this before I think on the KARP mailing list (am not sure though).

Routing protocols could "potentially" use WESP since they need to prioritize certain control protocols over the other protocol packets (like OSPF hellos and acks over other OSPF packets). Using WESP just makes deep inspection easy. One could argue that routers know that incoming ESP-NULL packets are not "encrypted" since they are the end points, however, that means that routers need to install filter rules per SPI values, which is not scalable.

So, while ESP-NULL *would* work, WESP just makes it a tad easier.

Cheers, Manav
