On Fri, 7 Sep 2018, Valery Smyslov wrote:

> I've posted a draft with clarifications and implementation guidelines
> for RFC8229. These clarifications and recommendations are based
> on experience of implementing TCP encapsulation and testing it in
> various IKEv2 scenarios.
>
> Feedback of any sort is highly appreciated.

I would cut a lot of the introduction / abstract and come straight to
the point. Similarly, further on, do not provide as much detail and just
come to the point faster.

I don't see any consideration in the document about deployments that
use a TCP proxy in front of the IKE daemon. In those scenarios, the
daemon might not even know TCP is used or the proxy code is written in
a way that only minimal changes to the IKEv2 core are needed. So a lot
of decisions you specify, such as not sending retransmits, might not
be possible for those kinds of implementations, and so this document
dictating them would make interop harder, not easier.

As this also touches on message IDs, and I think we might have some
msgid deadlocks even in the UDP-only case, perhaps a clarifying
document could add some non-TCP items as well? And the TCP part could
be part of the new clarification draft?

Paul
