Spencer Dawkins has entered the following ballot position for charter-ietf-ipsecme-10-00: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-ipsecme/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

This sentence doesn't parse for me - or maybe I just need more security clue?

"IKEv1 using shared secret authentication was partially resistance to quantum computers."

I don't object to this text

"There have been middle boxes blocking IKE negotiation over UDP. To make IKE work in these environments, IKE packets need to be encapsulated in a TCP tunnel. The group will define a mechanism to tunnel IKE and IPsec over a TCP-based connection. This method is intended to be used as a fallback when IKE cannot be negotiated over UDP. The group will create a method where IKEv2 and IPsec packets can be encapsulated in the TCP connection."

going for external review, but I'd love to understand better what the resulting protocol stack looks like. I get the part about encapsulating IKEv2 in TCP, but is encapsulating IPsec in TCP going to give us a general-purpose "IP over TCP" mechanism?
