[e2e] How TCP might look with always there ESP

Robert Moskowitz rgm-ietf at htt-consult.com
Wed Jul 18 05:43:21 PDT 2001


At 08:00 PM 7/17/2001 +0100, Lloyd Wood wrote:

>Even with robust widely-deployed ESP in a sensible security framework,
>you'd still need a form of TCP for session management. By having ESP
>take over TCP's session management, aren't you effectively
>compromising the security model?

Never considered doing away with TCP session management, or rather 
re-inventing it.  A number of us now view ESP as layer 3.5, and if done 
properly would allow for a layer 4 to readily traverse many layer 3 
'realms'.  For example, NATed to public to NATed.  Or IPv6 to IPv4 to IPv6.





