Re: Motivation for ESP-null marking

On Wed, Aug 06, 2008 at 05:13:13PM -0700, Grewal, Ken wrote:
> Thanks Yoav - you hit the nail on the head and I do like the 'deep
> inspection welcome' bit instead of the 'insecure bit', as the packet is
> still integrity protected.

Yes, that makes more sense.  Middle boxes will still need to apply some
heuristics to decide whether such packets are indeed in the clear, but
that will be easy if the policies it applies require inspecting tunneled
next protocol headers.