Hi, I've posted a draft with clarifications and implementation guidelines for RFC8229. These clarifications and recommendations are based on experience of implementing TCP encapsulation and testing it in various IKEv2 scenarios.
Feedback of any sort is highly appreciated. Regards, Valery. > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: Friday, September 07, 2018 3:42 PM > To: Valery Smyslov > Subject: New Version Notification for > draft-smyslov-ipsecme-tcp-guidelines-00.txt > > > A new version of I-D, draft-smyslov-ipsecme-tcp-guidelines-00.txt > has been successfully submitted by Valery Smyslov and posted to the > IETF repository. > > Name: draft-smyslov-ipsecme-tcp-guidelines > Revision: 00 > Title: Clarifications and Implementation Guidelines for using > TCP Encapsulation in IKEv2 > Document date: 2018-09-07 > Group: Individual Submission > Pages: 8 > URL: > https://www.ietf.org/internet-drafts/draft-smyslov-ipsecme-tcp-guidelines-00.txt > Status: > https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-tcp-guidelines/ > Htmlized: > https://tools.ietf.org/html/draft-smyslov-ipsecme-tcp-guidelines-00 > Htmlized: > https://datatracker.ietf.org/doc/html/draft-smyslov-ipsecme-tcp-guidelines > > > Abstract: > The Internet Key Exchange Protocol version 2 (IKEv2) defined in > [RFC7296] uses UDP transport for its messages. [RFC8229] specifies a > way to encapsulate IKEv2 and ESP (Encapsulating Security Payload) > messages in TCP, thus making possible to use them in network > environments that block UDP traffic. However, some nuances of using > TCP in IKEv2 are not covered by that specification. This document > provides clarifications and implementation guidelines for [RFC8229]. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
