On Thu, 18 Oct 2018, Tobias Guggemos wrote:
With the new mode, the sender can decide to send certain packets “uncompressed”
if the receiver may not be able to decompress properly. The sender notifies the
receiver by using a different SA and thus a different SPI.
We believe this is more clean than defining something like a “compressed” bit
in the ESP packet..
I really don't like either option. I was hoping we could get rid of
IPCOMP, not make it even more complex with other different kinds of
complicated compressions that take up more then a single IPsec SA.
More specifically here are the following possibilities
A) Negotiating 2 IPsec SAs with EHC parameters and specifying. with
USE_COMPRESS_MODE the SA that compress payload (using EHC). The other SA
*without* USE_COMPRESS_
MODE will not proceed to compression. In other words, EHC is activated if and
only if USE_COMPRESS_MODE is active for the SA.
B) Negotiation of 2 IPsec SAs. One with EHC parameters which assumes
compression is requested and one without EHC in which case no compression is
performed.
I'm not sure I like either.
Tero, can be discuss this at the meeting?
Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
