On Sat, 19 Jul 2014, Yaron Sheffer wrote:
Recently discovered incorrect behavior of ISPs poses a
challenge to IKE, whose UDP messages (especially #3 and #4)
sometimes get fragmented at the IP level and then dropped
by these ISPs. There is interest in solving this issue by
allowing transport of IKE over TCP; this is currently
implemented by some vendors. The group will standardize such
a solution.
The working group had already reached consensus not to support two
different fragmentation solutions and to only support
draft-smyslov-ipsecme-ikev2-fragmentation, after Yoav's IKE TCP
presentation, I believe in London? So I don't think this item belongs
on the agenda, unless we are looking at revising that earlier decision.
We have a fragmentation draft (almost) past IESG review. So we're not
revising any decision. "The group will standardize such a solution" is still
correct, until we actually publish the document.
You are revising the decision NOT to have IKE TCP:
"There is interest in solving this issue by
allowing transport of IKE over TCP; this is currently
implemented by some vendors. The group will standardize such
a solution."
If you remove the first sentence, then it only talks about UDP and how
we are working on standardising fragmentation support using UDP.
Paul