Hello,

At our meeting yesterday, we agreed that we want one more revision of
draft-pauly-ipsecme-tcp-encaps-03 before putting it up for working group
adoption to clear up a few concerns.

Here are the changes we’re planning:

1. Reconcile the length field size with 3GPP’s recommendation (sent out by
Tero) to promote interoperability if any devices have already implemented
3GPP’s suggestions. This would mean changing the length field from 32 bits to
16 bits.

2. Address the concerns around including too many direct references to use of
TLS and port 443 in the body of the standards track document. The current plan
here would be to make all direct references to TLS in the body of the document
be more generic regarding any protocols over TCP that are added to encapsulate
the IKE session, and point to an appendix that explains the caveats regarding
TLS. The main point to communicate is that TLS should not influence the framing
of IKE or ESP packets on the stream, and that the encryption and authentication
properties of TLS do not influence the IKE session at all. Valery, I believe
this should address your concerns.

Please reply with your feedback if you think these changes are good ideas, and
if there are any other remaining points that should be changed before we move
ahead.

After this, the plan would be to ask for working group adoption of the document
if there are no other objections, and to in parallel start an informational
document (perhaps a draft, perhaps outside of IETF) to describe the practical
strategies for using TLS to encapsulate the tunnel, and more detail on proxy
interactions.

Thanks,
Tommy Pauly
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec