[IPsec] WESP - Roadmap Ahead

Jack Kohn <kohn.jack@gmail.com> Wed, 11 November 2009 16:05 UTC

Return-Path: <kohn.jack@gmail.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 388883A6900 for <ipsec@core3.amsl.com>; Wed, 11 Nov 2009 08:05:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id k+KOOuMovmnO for <ipsec@core3.amsl.com>; Wed, 11 Nov 2009 08:05:32 -0800 (PST)
Received: from mail-yw0-f183.google.com (mail-yw0-f183.google.com []) by core3.amsl.com (Postfix) with ESMTP id 466C13A69E0 for <ipsec@ietf.org>; Wed, 11 Nov 2009 08:05:32 -0800 (PST)
Received: by ywh13 with SMTP id 13so1262072ywh.29 for <ipsec@ietf.org>; Wed, 11 Nov 2009 08:05:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=vEFo4USUK3SY5Rzqjw90ook0Wselq0M4oXpnZKKX42U=; b=ZY23GkIQryFM5VrRlKetSkLmlpOEDQCWo6t50SOboMgUvF3469C/gYUeNN1Lxm5IBc bVoCiPumMnEck18qF0O/KxxsbS9caoUrCqsOmPsVnBpsL5fcmfPJA5+2t3uIX/wjKEcp tWItDq0L1guYIJsMparNasyWBymGfjcvyJFZY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=V6mCb1pZ0P8bw74ijOBumGOH1Ea47dTjV+kJ7PBwRGnexjmWFxLM1T5kt9ivsy51YE vSU2mfw43Jp33NuCTO/2aX88uNnaBLl+5vXBkAQOoLZOquQEma6Cse3MnF2PQM9J8CdV u2Hl/XuyEAvyZLf3mziBJsT+G9dRRQpRCD/I4=
MIME-Version: 1.0
Received: by with SMTP id k4mr2681010agp.41.1257955555939; Wed, 11 Nov 2009 08:05:55 -0800 (PST)
Date: Wed, 11 Nov 2009 21:35:55 +0530
Message-ID: <dc8fd0140911110805q67759507t6cf75a1e9d81c5aa@mail.gmail.com>
From: Jack Kohn <kohn.jack@gmail.com>
To: ipsec@ietf.org
Content-Type: multipart/alternative; boundary=0016e64655240e155f04781a9a81
Subject: [IPsec] WESP - Roadmap Ahead
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Nov 2009 16:05:33 -0000


>From operational perspective if we are supporting both v4 and v6 (and we
will) then having different protocols ESP and AH is and will be a
nightmare.  Common denominator is ESP-Null. However, there were issues with
ESP-Null as it couldnt be deep inspected which has now been solved with

In short, the argument that "Oh, but we can inspect AH packets" is not
relevant anymore.

Given this, should we still have AH as a MAY for IPSEC - Cant we deprecate

WESP is ESP++, and it offers everthing that ESP offers plus more. What is
our stance for ESP moving forward?

Also, I see that a lot of work done in other WGs is still using ESP
(primarily for data integrity). Shouldn’t they be moving to WESP, as WESP
offers more flexibility?