Hi Kathleen, I've just posted a new version to fix some minor nits and add a reference for the SHA-1 digest used for NAT detection: https://www.ietf.org/id/draft-ietf-ipsecme-tcp-encaps-09.txt
>From my perspective, I think starting a IETF last call now make sense. Thanks! Tommy > On Mar 9, 2017, at 10:48 AM, Kathleen Moriarty > <kathleen.moriarty.i...@gmail.com> wrote: > > On Thu, Mar 9, 2017 at 12:47 PM, Tommy Pauly <tpa...@apple.com > <mailto:tpa...@apple.com>> wrote: >> Hi Kathleen, >> >> Yes, this is referring to how the existing NAT detection works in IKEv2: >> >> https://tools.ietf.org/html/rfc7296 <https://tools.ietf.org/html/rfc7296> >> >> Section 2.23. NAT Traversal >> >> o The data associated with the NAT_DETECTION_SOURCE_IP notification >> is a SHA-1 digest of the SPIs (in the order they appear in the >> header), IP address, and port from which this packet was sent. >> >> We can add a pointer to the section of the RFC. > > Great. Please let me know when that is done and I can start IETF last > call. Does the WG want me to start that right away or to wait until > after Chicago? I'm inclined to start it right away and have it on the > first telechat after. > > Thanks, > Kathleen > >> >> Thanks, >> Tommy >> >>> On Mar 9, 2017, at 9:39 AM, Kathleen Moriarty >>> <kathleen.moriarty.i...@gmail.com> wrote: >>> >>> Hello, >>> >>> Thank you for your work on draft-ietf-ipsecme-tcp-encaps. It's a well >>> written draft and I just have one question. >>> >>> Section 7: Why is SHA-1 used? If this is a result of the protocol and >>> prior RFCs, please include a reference. And an explanation on list >>> would be helpful (pointer is fine if this was already discussed. >>> >>> >>> >>> -- >>> >>> Best regards, >>> Kathleen >>> >>> _______________________________________________ >>> IPsec mailing list >>> IPsec@ietf.org >>> https://www.ietf.org/mailman/listinfo/ipsec >> > > > > -- > > Best regards, > Kathleen
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
