Hi Yoav,
> I agree with your conclusion (that we should do an IKE fragment thing,
> maybe based on your draft).
> However, 2 comments:
> 1. You can never know if anything is IPR free. At best you can say that
> nobody has said anything yet.

Yes, I agree. I only meant that neither I nor my company claimed IPR.
Of course, somebody might have claimed IPR for a similar approach before.

> 2. IKE over TCP has worked for over 10 years in my company's products and
> worked well. So the details can be ironed out.

Of course, although from my understanding IKE over TCP for IKEv2 will have
more issues to iron out than for IKEv1...

> The reason we abandoned this technology is that the broken SOHO devices
> began to not only drop fragments, but to also
> drop anything that wasn't TCP to a specific group of ports. IKE-over-TCP
> could not solve this issue.

Unfortunately, IKE fragmentation couldn't solve this either...
_______________________________________________
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec