On Mon, 23 May 2016, Hu, Jun (Nokia - US) wrote:
[HJ] this part is a bit confusing for me, if we don't use TLS level encryption, then what's the benefit of using TLS over plain TCP encapsulation? In fact, I don't know why TLS encapsulation is needed at all, it is said in the draft that "The security of the IKEv2 session is entirely derived from the IKEv2 negotiation and key establishment", so encryption/authentication of TLS level are not needed at all.
To get past middleware boxes that tend to not touch "real" TLS traffic but mangle anything else.

Paul
