Re: [IPsec] WESP - Roadmap Ahead

Jack Kohn <kohn.jack@gmail.com> Wed, 18 November 2009 00:13 UTC

Return-Path: <kohn.jack@gmail.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0C5C13A67B3 for <ipsec@core3.amsl.com>; Tue, 17 Nov 2009 16:13:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GtbNMduASRQT for <ipsec@core3.amsl.com>; Tue, 17 Nov 2009 16:13:34 -0800 (PST)
Received: from mail-gx0-f228.google.com (mail-gx0-f228.google.com [209.85.217.228]) by core3.amsl.com (Postfix) with ESMTP id 8B41B3A69E3 for <ipsec@ietf.org>; Tue, 17 Nov 2009 16:13:34 -0800 (PST)
Received: by gxk28 with SMTP id 28so591179gxk.9 for <ipsec@ietf.org>; Tue, 17 Nov 2009 16:13:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=i4/ypum1J/aLIdwqRvKj4gWzBXrSZjCneCkHUCJ/l9Q=; b=l7Qq82DzMwO26mDRyVSg5wcBagnNQpBT49w8qE4M7DneE+7TQfAYylc9rSIlIW6ZBY VBAchHWZEYOIqgnZ77Rq3aHWEFj8SCbDsZ0bhYEbupo7Vb9iJM3T87bpUzae7ojwj7Zq JXZpcHeFkWonodx+RIaI6y0RpoVJYd5okQaCI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=nIFotYqw20BfVFzekfkRqjf3dQr06zjXhubx4HuAEVYpx+ig5qXk/72W4isK0Ncz8t tDWMu7Ze8Crzfd92F5jDpzZnrhf6D4J7k0cObS8zpAUE1Jxxjqv42I6UF3Zo72XatQPl +BMdkwR5sIF66uAcE6GL8UNm6flMyMKI641Po=
MIME-Version: 1.0
Received: by 10.90.58.2 with SMTP id g2mr987847aga.73.1258503208730; Tue, 17 Nov 2009 16:13:28 -0800 (PST)
In-Reply-To: <f1548840911171119w334475aenabc3fb225c74536@mail.gmail.com>
References: <dc8fd0140911110805q67759507t6cf75a1e9d81c5aa@mail.gmail.com> <8CCEE8E4-9AC4-46FB-93E4-FE61E0135EB7@doubleshotsecurity.com> <p0624080ec7213743dc05@133.93.16.246> <dc8fd0140911112030y46aa24f9hf3715d57446e96c0@mail.gmail.com> <51eafbcb0911112144u6e25b826w4ec8110d1f73e652@mail.gmail.com> <p06240805c72267851254@133.93.16.246> <p06240825c7229aead977@133.93.16.246> <B71940AB-C732-4240-98CB-75E8C6AAF815@cs.columbia.edu> <p06240800c723d673384e@10.11.1.91> <f1548840911171119w334475aenabc3fb225c74536@mail.gmail.com>
Date: Wed, 18 Nov 2009 05:43:28 +0530
Message-ID: <dc8fd0140911171613he11ec33xd979f15ba296b054@mail.gmail.com>
From: Jack Kohn <kohn.jack@gmail.com>
To: Gregory Lebovitz <gregory.ietf@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: Re: [IPsec] WESP - Roadmap Ahead
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2009 00:13:36 -0000

Gregory,

Do you see how WESP can be used in KARP?

Jack


On Wed, Nov 18, 2009 at 12:49 AM, Gregory Lebovitz
<gregory.ietf@gmail.com>; wrote:
> inline...
>
> On Mon, Nov 16, 2009 at 8:39 AM, Stephen Kent <kent@bbn.com>; wrote:
> --snip--
>
>>
>> I am not suggesting that any aspect of your analysis is flawed. I am
>> suggesting that before the WG chooses to further deprecate AH, it needs to
>> document the analysis supporting this decision, not just cite a couple of
>> examples and make general statements in support of such an action.
>
> WESP implementations need to occur, be deployed, and have some time in
> operational networks. It would benefit the standards process to get some
> feedback from the operational community once this has happened. Whether or
> not we call it "experimental", we need to try out the WESP mechanism, in
> parallel with the heuristics method, in the wild and see what comes of
> them.
> We need not be shy about WESP's existence and benefits. I agree we ought to
> go on a bit of an intra-IETF "road show" and get the word to other Areas and
> WG's about WESP as compared to AH, and see what feedback we get. This can
> only help the standards process. In this context, Steve's suggestion for a
> an analysis document would be very helpful. Much of the arguments made in
> this thread would be excellently housed in said document.
> After some time in the wild, If we observe signs that WESP is operationally
> replacing AH, then we could seriously discuss deprecating AH.
> HTH,
> Gregory.
>
>>
>> Steve
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec
>
>
>
> --
> ----
> IETF related email from
> Gregory M. Lebovitz
> Juniper Networks
>