Hello,

I’ve posted a new version of the TCP encapsulation draft with the following changes:

1. Added a section to explicitly discuss how to fall back from UDP to TCP (retransmissions, etc.) based on feedback from the charter discussion
2. Explained that this method of encapsulation can be used for any stream protocol, and is not TCP specific, based on feedback from the charter discussion
3. Clarified the use of multiple TCP connections for Child SAs, based on Jun Hu’s questions

Also, I’m happy to say that we’ve been doing interoperability testing between Apple clients and Cisco server for TCP encapsulation. If anyone else has an implementation they’d like to try out, please let us know!

Best,
Tommy

> On Oct 31, 2016, at 8:56 AM, internet-dra...@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the IP Security Maintenance and Extensions of 
> the IETF.
> 
>        Title           : TCP Encapsulation of IKE and IPsec Packets
>        Authors         : Tommy Pauly
>                          Samy Touati
>                          Ravi Mantha
>        Filename        : draft-ietf-ipsecme-tcp-encaps-03.txt
>        Pages           : 20
>        Date            : 2016-10-31
> 
> Abstract:
>   This document describes a method to transport IKE and IPsec packets
>   over a TCP connection for traversing network middleboxes that may
>   block IKE negotiation over UDP.  This method, referred to as TCP
>   encapsulation, involves sending both IKE packets for tunnel
>   establishment as well as tunneled packets using ESP over a TCP
>   connection.  This method is intended to be used as a fallback option
>   when IKE cannot be negotiated over UDP.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-tcp-encaps/
> 
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-ipsecme-tcp-encaps-03
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-tcp-encaps-03
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
