Paul Wouters <[email protected]> wrote: >> You could also just say that ASBRs are presumed to be communicating >> within a well-managed environment, are often zero or one hops away from >> one another, and that this environment MUST accommodate the larger MTU >> for tunnel-mode IPsec encapsulation.
> If it’s such a trusted one hop, why do you need IPsec to signal a traffic
label?
It's not one hop. It could transit multipls ASs.
That's why they are so concerned about MTU, and why IPTFS might help make
this deployable.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
