Well, Joe Touch's comments on congestion still apply: http://www.ietf.org/mail-archive/web/ipsec/current/msg08654.html
I suggest consulting RFC 5405 on this topic, and applying its guidance.

Thanks,
--David

> -----Original Message-----
> From: IPsec [mailto:[email protected]] On Behalf Of Rajeshwar Singh Jenwar (rsj)
> Sent: Wednesday, March 12, 2014 10:27 PM
> To: IPsecme WG ([email protected])
> Subject: [IPsec] FW: New Version Notification for draft-amjads-ipsecme-ikev2-data-channel-01.txt
>
> Hi,
>
> We (Amjad and I) have published new version of "Data over IKEv2 for
> application security" draft based on inputs/comments received.
> Please review and provide comments/inputs/questions.
>
> Kind Regards,
> Raj
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Wednesday, March 12, 2014 5:13 PM
> To: Amjad Inamdar (amjads); Rajeshwar Singh Jenwar (rsj); Rajeshwar Singh Jenwar (rsj); Amjad Inamdar (amjads)
> Subject: New Version Notification for draft-amjads-ipsecme-ikev2-data-channel-01.txt
>
>
> A new version of I-D, draft-amjads-ipsecme-ikev2-data-channel-01.txt
> has been successfully submitted by Amjad S. Inamdar and posted to the IETF
> repository.
>
> Name:          draft-amjads-ipsecme-ikev2-data-channel
> Revision:      01
> Title:         IKEv2 based lightweight secure data communication draft-amjads-ipsecme-ikev2-data-channel-01 (D-IKE)
> Document date: 2014-03-12
> Group:         Individual Submission
> Pages:         15
> URL:           http://www.ietf.org/internet-drafts/draft-amjads-ipsecme-ikev2-data-channel-01.txt
> Status:        https://datatracker.ietf.org/doc/draft-amjads-ipsecme-ikev2-data-channel/
> Htmlized:      http://tools.ietf.org/html/draft-amjads-ipsecme-ikev2-data-channel-01
> Diff:          http://www.ietf.org/rfcdiff?url2=draft-amjads-ipsecme-ikev2-data-channel-01
>
> Abstract:
>    The Internet Key Exchange (IKEv2) protocol provides authentication,
>    confidentiality, integrity, data-origin authentication and anti-replay.
>    Currently, IKEv2 is mainly used as a control channel to
>    negotiate IPsec SA(s). IPsec is not well suited to provide transport
>    layer security for applications as it resides at the network layer
>    and most of the IPsec implementations require integration into
>    operating systems making it difficult to deploy. IPsec uses
>    different sessions for control and data traffic which is not NAT and
>    load balancer friendly. TLS/DTLS, the other popular security
>    mechanism to provide the above security services does not mandate
>    mutual peer authentication and Diffie Hellman exchange.
>
>    This document describes an IKEv2 based lightweight secure data
>    communication protocol and a way to provide transport layer security
>    for UDP client/server applications. The protocol provides integrity
>    protected encryption and integrity-only protection based on
>    application needs. As most of the IoT applications are UDP based,
>    IKEv2 can be used for key management as well secure data
>    communication in IoT due to its simplicity, scalability,
>    lightweightedness and ease of deployment.
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
