Re: [IPsec] WESP - Roadmap Ahead
Gregory Lebovitz <gregory.ietf@gmail.com> Tue, 17 November 2009 19:19 UTC
Return-Path: <gregory.ietf@gmail.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0DF383A69EC for <ipsec@core3.amsl.com>; Tue, 17 Nov 2009 11:19:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sKDmP86v7LTU for <ipsec@core3.amsl.com>; Tue, 17 Nov 2009 11:19:45 -0800 (PST)
Received: from mail-fx0-f215.google.com (mail-fx0-f215.google.com [209.85.220.215]) by core3.amsl.com (Postfix) with ESMTP id BCAB43A6939 for <ipsec@ietf.org>; Tue, 17 Nov 2009 11:19:44 -0800 (PST)
Received: by fxm7 with SMTP id 7so347634fxm.29 for <ipsec@ietf.org>; Tue, 17 Nov 2009 11:19:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=EEc5fZb4yOfzen4yeagT72obHdh178GEuQx7irMEnw0=; b=ek7qFTQ/bnVong8EbKFMYZ34hfJ4MmqCucfw+v8rEwyq9yykvcDyNijlAEkwkwolbG B68d1mi63kzkTa9WscieRyZEExkt6WMBbL3WM3Fi3zDmX7Gpia42PM7ihMp4i+2o7CJz wEx3Vh0+sdPuJ76o3JEx5W9k+ommjVwVC5/1Q=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=updsNt9n5TyP6lfhbrwPVW8EAP2Eg1UXMYouRH50JSy5fklOgHzuY7LiaAj6IQytMa 64kUepTVxg4wOQm1uk68G/p+QebuOcUH7cgCeJ/7Y73pHBTshe/kh//7amDZksVodZmo 5IHJOTQB2fvfnYuXRMRJ2lQU7WSh2eyU+AqS4=
MIME-Version: 1.0
Received: by 10.86.204.9 with SMTP id b9mr433001fgg.7.1258485576090; Tue, 17 Nov 2009 11:19:36 -0800 (PST)
In-Reply-To: <p06240800c723d673384e@10.11.1.91>
References: <dc8fd0140911110805q67759507t6cf75a1e9d81c5aa@mail.gmail.com> <p0624080ac7212e67c860@133.93.16.246> <8CCEE8E4-9AC4-46FB-93E4-FE61E0135EB7@doubleshotsecurity.com> <p0624080ec7213743dc05@133.93.16.246> <dc8fd0140911112030y46aa24f9hf3715d57446e96c0@mail.gmail.com> <51eafbcb0911112144u6e25b826w4ec8110d1f73e652@mail.gmail.com> <p06240805c72267851254@133.93.16.246> <p06240825c7229aead977@133.93.16.246> <B71940AB-C732-4240-98CB-75E8C6AAF815@cs.columbia.edu> <p06240800c723d673384e@10.11.1.91>
Date: Tue, 17 Nov 2009 11:19:36 -0800
Message-ID: <f1548840911171119w334475aenabc3fb225c74536@mail.gmail.com>
From: Gregory Lebovitz <gregory.ietf@gmail.com>
To: Jack Kohn <kohn.jack@gmail.com>
Content-Type: multipart/alternative; boundary="001485ea7db1b7c6f40478960193"
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>, Stephen Kent <kent@bbn.com>, Steven Bellovin <smb@cs.columbia.edu>
Subject: Re: [IPsec] WESP - Roadmap Ahead
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2009 19:19:46 -0000
inline... On Mon, Nov 16, 2009 at 8:39 AM, Stephen Kent <kent@bbn.com> wrote: --snip-- > I am not suggesting that any aspect of your analysis is flawed. I am > suggesting that before the WG chooses to further deprecate AH, it needs to > document the analysis supporting this decision, not just cite a couple of > examples and make general statements in support of such an action. > WESP implementations need to occur, be deployed, and have some time in operational networks. It would benefit the standards process to get some feedback from the operational community once this has happened. Whether or not we call it "experimental", we need to try out the WESP mechanism, in parallel with the heuristics method, in the wild and see what comes of them. We need not be shy about WESP's existence and benefits. I agree we ought to go on a bit of an intra-IETF "road show" and get the word to other Areas and WG's about WESP as compared to AH, and see what feedback we get. This can only help the standards process. In this context, Steve's suggestion for a an analysis document would be very helpful. Much of the arguments made in this thread would be excellently housed in said document. After some time in the wild, If we observe signs that WESP is operationally replacing AH, then we could seriously discuss deprecating AH. HTH, Gregory. > > Steve > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > -- ---- IETF related email from Gregory M. Lebovitz Juniper Networks
- [IPsec] WESP - Roadmap Ahead Jack Kohn
- Re: [IPsec] WESP - Roadmap Ahead Stephen Kent
- Re: [IPsec] WESP - Roadmap Ahead Scott C Moonen
- Re: [IPsec] WESP - Roadmap Ahead Tero Kivinen
- Re: [IPsec] WESP - Roadmap Ahead Bhatia, Manav (Manav)
- Re: [IPsec] WESP - Roadmap Ahead Bhatia, Manav (Manav)
- Re: [IPsec] WESP - Roadmap Ahead Stephen Kent
- Re: [IPsec] WESP - Roadmap Ahead Merike Kaeo
- Re: [IPsec] WESP - Roadmap Ahead Bhatia, Manav (Manav)
- Re: [IPsec] WESP - Roadmap Ahead Stephen Kent
- Re: [IPsec] WESP - Roadmap Ahead Bhatia, Manav (Manav)
- Re: [IPsec] WESP - Roadmap Ahead Jack Kohn
- Re: [IPsec] WESP - Roadmap Ahead Daniel Migault
- Re: [IPsec] WESP - Roadmap Ahead Jack Kohn
- Re: [IPsec] WESP - Roadmap Ahead Steven Bellovin
- Re: [IPsec] WESP - Roadmap Ahead Bhatia, Manav (Manav)
- Re: [IPsec] WESP - Roadmap Ahead Richard Graveman
- Re: [IPsec] WESP - Roadmap Ahead Stephen Kent
- Re: [IPsec] WESP - Roadmap Ahead Venkatesh Sriram
- Re: [IPsec] WESP - Roadmap Ahead Bhatia, Manav (Manav)
- Re: [IPsec] WESP - Roadmap Ahead Bhatia, Manav (Manav)
- Re: [IPsec] WESP - Roadmap Ahead Stephen Kent
- Re: [IPsec] WESP - Roadmap Ahead Steven Bellovin
- [IPsec] WESP - Roadmap Ahead Tero Kivinen
- Re: [IPsec] WESP - Roadmap Ahead Bhatia, Manav (Manav)
- Re: [IPsec] WESP - Roadmap Ahead Tero Kivinen
- Re: [IPsec] WESP - Roadmap Ahead Bhatia, Manav (Manav)
- Re: [IPsec] WESP - Roadmap Ahead Stephen Kent
- Re: [IPsec] WESP - Roadmap Ahead Stephen Kent
- Re: [IPsec] WESP - Roadmap Ahead Dan McDonald
- Re: [IPsec] WESP - Roadmap Ahead Gregory Lebovitz
- Re: [IPsec] WESP - Roadmap Ahead Gregory Lebovitz
- Re: [IPsec] WESP - Roadmap Ahead Jack Kohn
- Re: [IPsec] WESP - Roadmap Ahead Stephen Kent
- Re: [IPsec] WESP - Roadmap Ahead Jack Kohn
- Re: [IPsec] WESP - Roadmap Ahead Stephen Kent
- Re: [IPsec] WESP - Roadmap Ahead Jack Kohn
- Re: [IPsec] WESP - Roadmap Ahead Stephen Kent
- Re: [IPsec] WESP - Roadmap Ahead Jack Kohn
- Re: [IPsec] WESP - Roadmap Ahead Daniel Migault
- Re: [IPsec] WESP - Roadmap Ahead Tero Kivinen
- Re: [IPsec] WESP - Roadmap Ahead Tero Kivinen
- Re: [IPsec] WESP - Roadmap Ahead Stephen Kent
- Re: [IPsec] WESP - Roadmap Ahead Stephen Kent
- Re: [IPsec] WESP - Roadmap Ahead Jack Kohn
- Re: [IPsec] WESP - Roadmap Ahead Stephen Kent