On Apr 27, 2013, at 8:02 PM, Yaron Sheffer <[email protected]> wrote:
> Dear IPsec folks, > > The ipsecme working group is chartered to come up with a solution for > transporting long IKEv2 messages over networks that do not perform IP > fragmentation correctly, and as a result drop overly long messages, usually > IKE_AUTH messages. > > Our original plan was to base the solution on IKE-over-TCP, however the > author of this draft decided to abandon it because he now prefers a different > solution, similar to the (non-standard) IKEv1 Fragmentation payload that was > implemented by several vendors (see > http://msdn.microsoft.com/en-us/library/cc233251.aspx). We do not want to end > up with a common but non-standard solution in IKEv2, which would practically > guarantee interoperability issues. Just to set the record straight, I did not decide to abandon it, and if the group would like to pursue IKE-over-TCP I am willing to continue as editor. As a vendor, though, I would much rather implement just one mechanism that would work for both IKEv1 and IKEv2, and there is a huge installed base of IKEv1 with fragments. <snip/> > We propose to meet May 7, at 9:00am PST (16:00 UTC, 12:00 noon EST, 19:00 > Israel) for 1 hour. We will publish a bridge number a week before the meeting. > > Please let us know if the date/time absolutely doesn't work for you. This works for me. Yoav _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
