[IPsec] AD review comments for draft-ietf-ipsecme-traffic-visibility

pasi.ero...@nokia.com writes: - A question: did the WG discuss the pros and cons of integrity protecting the WESP header? (This does make WESP more complex to implement, and currently the WESP header does not contain any data that would benefit from integrity protection in any way.) Thats is

Re: [IPsec] Populating ID_DER_ASN1_DN

David Wierbowski writes: Thanks for the clarification. The text in 4301 makes sense. What I do not agree with is the text in 4945 that requires implementations MUST be able to perform matching based on a bitwise comparison of the entire DN in ID to its entry in the SPD. I can agree with

Re: [IPsec] IPSECME Virtual Interim Meeting

Paul Hoffman writes: At 10:03 PM +0300 9/12/09, Yaron Sheffer wrote: The ipsecme WG will have a virtual interim WG meeting in about a month. We will have a conference call on Tuesday September 22, 15:00 GMT (18:00 Israel, 17:00 CET, 11:00 EDT, 8:00 PDT), for 2 hours. We are planning on

[IPsec] Query about SEq Number

HI, I have a query about the Sequence number in the ESP Header. If for any packet, the receiver finds the seq number as ZERO, what is the desired behavior..? Should this result in the anti-replay check failure..? Should this be treated as a corrupted packet..? Appreciate your inputs. Thanks

Re: [IPsec] Query about SEq Number

On Fri, Sep 18, 2009 at 10:35:32AM -0500, Manish Aggarwal wrote: HI, I have a query about the Sequence number in the ESP Header. If for any packet, the receiver finds the seq number as ZERO, what is the desired behavior..? Should this result in the anti-replay check failure..? Should this

Re: [IPsec] Query about SEq Number

-Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Dan McDonald Sent: Friday, September 18, 2009 11:48 AM To: Manish Aggarwal Cc: ipsec@ietf.org Subject: Re: [IPsec] Query about SEq Number On Fri, Sep 18, 2009 at 10:35:32AM -0500,

Re: [IPsec] Query about SEq Number

On Fri, Sep 18, 2009 at 09:34:26AM -0700, Scott Fluhrer (sfluhrer) wrote: -Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Dan McDonald Sent: Friday, September 18, 2009 11:48 AM To: Manish Aggarwal Cc: ipsec@ietf.org Subject: Re:

Re: [IPsec] AD review comments for draft-ietf-ipsecme-traffic-visibility

Hi Pasi, Many thanks for the great feedback. I will incorporate all these items as part of the WESP update during the next virtual interim meeting on Sept 22. Furthermore, I have opened multiple tickets to ensure these are tracked and resolved. Some comments inline...and others will result