Lakshminath Dondeti writes:
> When did MOBIKE come into picture? What are you saying Tero, that IPsec
> session resumption is an alternative to MOBIKE and a slow one at that?

Yes. Both solve the same problem that IKE SA recovers from the IP-address
change, or switching from one network to another (i.e. from cellular to
WLAN).

I do not really see any fundamental reason why the IKE SA needs to be taken
down when in cellular. I can see reasons why it might not be needed, but the
IKE SA could still be kept up and running, and if done that way, then MOBIKE
will offer a solution for how to move the IKE SA to the new network, and it
will mostly do it in 1 RT.

> "Annoy" being the keyword. I am now more convinced that we are really
> making the protocol inefficient because some kid might try to annoy some
> people some time. To counter such potential annoyances which may not
> happen at any frequency that matters, we are going to sacrifice the user
> experience all the time?

I am saying we are not sacrificing the user experience in any noticeable way
even if we do a 2 RT protocol. I expect that 99.999% of users will never
notice whether the 1 RT or 2 RT protocol was used if there is no attack.

On the other hand, 100% of users will notice the attacks if the 1 RT protocol
is used, and 0% of users will notice the attacks if the 2 RT protocol is used.

--
kivi...@iki.fi