On Sat, 19 Jul 2014, Yaron Sheffer wrote:
> Recently discovered incorrect behavior of ISPs poses a
> challenge to IKE, whose UDP messages (especially #3 and #4)
> sometimes get fragmented at the IP level and then dropped
> by these ISPs. There is interest in solving this issue by
> allowing transport of IKE over TCP; this is currently
> implemented by some vendors. The group will standardize such
> a solution.

The working group had already reached consensus not to support two
different fragmentation solutions and to only support
draft-smyslov-ipsecme-ikev2-fragmentation, after Yoav's IKE TCP
presentation, I believe in London? So I don't think this item belongs
on the agenda, unless we are looking at revising that earlier decision.

> Goals and Milestones:
> Done - IETF Last Call on large scale VPN use cases and requirements
> Done - IETF last call on IKE fragmentation solution
> Done - IETF last call on new mandatory-to-implement algorithms
> [No current milestones]

Could we add something about assisting Opportunistic Encryption, or
whatever term will be used? There is the auth_none draft, and there
will be an OE draft by the libreswan team soon. Those will end up in
ipsecme.
Paul
_______________________________________________
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec