Hi Chris,
IPTFS is not always negotiated, as IKE is not always used. Supporting zero-conf
IPTFS receive is very useful for supporting these
non-IKE use-cases.
If you plan to use IPTFS without IKE, then make it clear in the draft
that
Zero-Conf is only applicable for these use cases and MUST NOT be used
if IKE is employed. That will make me happy :-)
Regards,
Valery.
Thanks,
Chris.
If you badly need this feature, then please make it MAY and negotiable,
so that people can ignore it. SHOULD is too strong for it,
leaving it non-negotiable is just unacceptable, IMHO.
Regards,
Valery.
Thanks,
Lou
So, please, remove it.
2. It highlights that one must send payloads that carry inner packet fragments
using consecutive ESP
sequence numbered packets (with a caveat for all pad payload insertion).
That's useful clarification, thanks.
Regards,
Valery.
We feel the document is quite stable at this point and would thus like to ask
for moving to WG Last Call.
Thanks,
Chris.
On Sep 30, 2020, at 12:25 PM, [email protected] wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions WG of
the IETF.
Title : IP Traffic Flow Security
Author : Christian Hopps
Filename : draft-ietf-ipsecme-iptfs-02.txt
Pages : 26
Date : 2020-09-30
Abstract:
This document describes a mechanism to enhance IPsec traffic flow
security by adding traffic flow confidentiality to encrypted IP
encapsulated traffic. Traffic flow confidentiality is provided by
obscuring the size and frequency of IP traffic using a fixed-sized,
constant-send-rate IPsec tunnel. The solution allows for congestion
control as well.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-iptfs/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-ipsecme-iptfs-02
https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-iptfs-02
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-iptfs-02
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
