>>>>> "Joe" == Joe Touch <touch@xxxxxxx> writes:

    Joe> I was wondering about that; it seems inconsistent to have
    Joe> this document require something that is optional in RFC 4301.

I suspect you realize this, but some people following the discussion may not. It's critical to this mechanism that intermediate systems be able to read the sensitivity level. You can either do hop-by-hop SAs using either ESP-null or AH, or end-to-end SAs using AH or ESP/null plus one of the fixes so you can determine that a packet is ESP-null rather than ESP-encrypted.

Note that if you are talking about end-to-end SAs you need to either explain why the intermediate systems don't need to be able to confirm the integrity of the label, or you need to address Steve Bellovin's concerns.

--Sam

_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf