During the last IETF (106) a discussion ensued on the allocation of the IP
protocol number for IPTFS payloads. I've looked at the options presented:
1) Use WESP (wrapped ESP)
2) Use protocol number zero, and depend on configuration.
3) Just allocate a number; this is a valid use.
I think we should continue with the allocation of the IP number. Here are the
reasons:
1) If one has valid reasons, it is not wrong, or that hard, to get an IP
number.
2) The IPTFS payload format may be used outside of ESP
- It offers real bandwidth benefits for tunneling IP packets.
- It offers a solution to tunneled IP MTU issues.
3) It is the design of IPsec/ESP to use IP numbers to identify ESP payloads,
and that is how we are using it.
4) Using WESP drawbacks:
4a) Using WESP would reduce available bandwidth, perhaps just as a way to
avoid IETF process.
4b) WESP adoption? It was hinted during the meeting that it may not be that
widely deployed, which complicates adoption of IPTFS.
4c) There's still an ESP next-header field, so this just reduces to the
same thing as "configured" with the zero protocol, I think.
5) Unlike the WESP protocol number, we *can* re-use the new protocol number.
5a) The header starts with a sub-type value, and we create a registry for
the sub-types.
6) Using zero and configuration does not allow (2), and represents losing
real functionality/value. This should be a fall-back position, and not the
one to start with.
So, my suggestion is that we continue with the protocol number. We could
request an early allocation so that we can work on acceptance/education prior
to WGLC/IESG submission. And, however unlikely, if we find we can't allocate a
protocol number, we can fall back to using zero + IKE/config without a lot of
additional work.
Thanks,
Chris.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec