Paul Hoffman <[email protected]> wrote: >> Recently discovered incorrect behavior of ISPs poses a challenge to >> IKE, whose UDP messages (especially #3 and #4) sometimes get >> fragmented at the IP level and then dropped by these ISPs. There is >> interest in solving this issue by allowing transport of IKE over TCP; >> this is currently implemented by some vendors. The group will >> standardize such a solution.
I think that we gave up over TCP, and have back to fragmentation inside IKE,
right?
>> The WG will revise the IKEv2 specification with a small number of
>> mandatory tests required for the secure operation of IKEv2 when using
>> elliptic curve cryptography. This work will be based on
>> draft-sheffer-ipsecme-dh-checks.
I think we already completed this?
>> Goals and Milestones:
>>
>> Done - IETF Last Call on large scale VPN use cases and requirements
>> Done - IETF last call on IKE fragmentation solution Done - IETF last
>> call on new mandatory-to-implement algorithms
Seems like we should have more milestones listed.
I'd like to make the puzzle solving work charter.
I imagine that this is a real problem, but I wouldn't mind some data on how
often gateways are being DDoSed.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
pgpM1Y2GN5Yo_.pgp
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
