Robert Moskowitz <rgm-...@htt-consult.com> wrote:
> This is an item that goes back to the beginning of ESP work:
> Minimally, how does the higher level 'learn' that it is secure:

Are you asking how *TCP* learns of this, or how an application with an
open socket(2) learns of this?

> Encrypted/Authenticated/CRCed... ?
> And as ESP has a seq#, how might it be conveyed to the higher layer?

Do you mean replay counter here, or did you mean SPI?
Preferably, never, because it will get rekeyed, so really, whatever you
want to do really needs to be communicated abstracted to the key daemon,
who will do the right thing, and keep track of updates to the SPI#

> Case in point: MAVlink has a 1-byte seq# in its payload. How might
> this be provided by ESP?

Now I think maybe you really do mean sequence/replay counter.

> https://mavlink.io/en/guide/message_signing.html
> So I have been thinking about this vis-a-vis diet-esp. What is the
> mechanism/trigger that can best work across a number of higher layers
> to inform of operating environment and values available (seq#)?
> Is this done anywhere now?

Doubtful.
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
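An added illustration of the rekeying point, not code from the thread or from any IPsec implementation: a per-SPI anti-replay window in Python (the window size and the packet trace are assumptions) showing the ESP sequence number restarting at 1 on the new SA after a rekey, which is why the reply points an upper layer at the key daemon rather than at the raw seq#.

```python
# Added example, not from the thread: a minimal RFC 4303-style anti-replay
# window keyed by SPI, showing that the ESP seq# is per-SA state that
# restarts at 1 after a rekey, so it is not a stable counter for upper layers.
# 32-bit sequence numbers only (no ESN); the window size is an assumption.

WINDOW = 64  # packets; RFC 4303 requires a minimum of 32


class ReplayState:
    """Anti-replay state for one inbound SA (one SPI)."""

    def __init__(self):
        self.top = 0     # highest seq# accepted on this SA
        self.bitmap = 0  # bit i set => seq# (top - i) already seen

    def check_and_update(self, seq):
        """Accept seq# if it is new and inside the window, and record it."""
        if seq == 0:
            return False  # 0 is never transmitted on an SA (RFC 4303 3.3.3)
        if seq > self.top:  # right of the window: slide it and mark seq
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= WINDOW or self.bitmap & (1 << diff):
            return False  # left of the window, or a duplicate (replay)
        self.bitmap |= 1 << diff
        return True


def receive(sadb, spi, seq):
    """sadb maps SPI -> ReplayState; a rekey adds a new SPI with fresh state."""
    sa = sadb.get(spi)
    if sa is None:
        return "unknown-spi"
    return "accept" if sa.check_and_update(seq) else "replay"


def demo():
    """Constructed trace: traffic on SPI 0x1001, then a rekey to SPI 0x1002."""
    sadb = {0x1001: ReplayState()}
    trace = [(0x1001, 1), (0x1001, 2), (0x1001, 2), (0x1001, 5), (0x1001, 3)]
    results = [receive(sadb, spi, seq) for spi, seq in trace]
    sadb[0x1002] = ReplayState()  # rekey: new SA, counter starts over
    results.append(receive(sadb, 0x1002, 1))  # seq# 1 again on the new SA
    results.append(receive(sadb, 0x1001, 1))  # old SA, old seq#: replay
    return results
```

Running `demo()` shows the same seq# value (1) accepted twice across the rekey, once per SPI, while the replayed packet on the old SA is rejected.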