Re: [IPsec] WESP - Roadmap Ahead

[Tero Kivinen <kivinen@iki.fi>]

Scott C Moonen writes:
> Jack, I'm not sure it's clear yet whether WESP will be widely adopted. 
> There's disagreement between end-node and middle-node folks as to whether 
> WESP or heuristics are the best approach for inspection of ESP-NULL 
> traffic.  I think that end-node vendors will be very reluctant to adopt 
> WESP widely until there is broad customer demand for it, and I'm not sure 
> that this demand will ever materialize.

I agree on that... 

> This is all my personal opinion, of course.  But it seems to me that 
> heuristics will have to be adopted by competitive middle-node vendors, and 
> therefore (barring any extensions to WESP that make it attractive for 
> other reasons) the use of heuristics will probably always be more 
> widespread and will dampen the demand for WESP.  Additionally, ESP-NULL 
> itself has rather narrow applicability in an environment where end-to-end 
> encryption is increasingly common, which further limits the cases where 
> there will be an absolute need for WESP.  Furthermore, there will always 
> be valid reasons to use AH (reduced overhead compared to WESP).

And wider protection, i.e. IP addresses and options... 

> For reasons like these, I believe it's premature to call for deprecation 
> of AH and even more premature to start preferring WESP to ESP.

Agree on that too. 

> What status will the WESP RFC have?  Experimental, informational, 
> standards track, etc.?

It is aimed for proposed standard, altough I would be happier if would
be aimed for experimental. 
-- 
kivinen@iki.fi