The IESG has approved the following document:
- 'TCP Encapsulation of IKE and IPsec Packets'
  (draft-ietf-ipsecme-tcp-encaps-10.txt) as Proposed Standard

This document is the product of the IP Security Maintenance and Extensions
Working Group.

The IESG contact persons are Kathleen Moriarty and Eric Rescorla.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-tcp-encaps/





Technical Summary

This document describes a method to transport IKE and IPsec packets over a TCP 
connection for traversing network middleboxes that may block IKE negotiation 
over UDP.  This method, referred to as TCP encapsulation, involves sending both 
IKE packets for Security Association establishment and ESP packets over a TCP 
connection. This method is intended to be used as a fallback option when IKE 
cannot be negotiated over UDP.


Working Group Summary

The draft came to the working group out of a need to standardize a push towards 
adding TCP support for IKE that was coming from several sources (VPN vendors 
and cellular carriers using IKE for telephony services). Among the major 
changes that the WG made early on, compared to existing proposals from external 
bodies, was removing the reliance on encapsulating IKE traffic within TLS. Much 
of the other WG discussion later on in review revolved around how to best 
manage the connection establishment and teardown transitions.
  

Document Quality

There are several early implementations of the protocol that were made to test 
interoperability (notably, Cisco and Apple). The draft also received input from 
vendors that have previously deployed proprietary versions of IPsec over TCP.


Personnel

The Document Shepherd is Tero Kivinen. The responsible ADs are Kathleen 
Moriarty (with Eric Rescorla taking custody for IESG reviews).

