Re: [IPsec] AD review of draft-ietf-ipsecme-tcp-encaps
On Thu, Mar 9, 2017 at 12:47 PM, Tommy Paulywrote: > Hi Kathleen, > > Yes, this is referring to how the existing NAT detection works in IKEv2: > > https://tools.ietf.org/html/rfc7296 > > Section 2.23. NAT Traversal > >o The data associated with the NAT_DETECTION_SOURCE_IP notification > is a SHA-1 digest of the SPIs (in the order they appear in the > header), IP address, and port from which this packet was sent. > > We can add a pointer to the section of the RFC. Great. Please let me know when that is done and I can start IETF last call. Does the WG want me to start that right away or to wait until after Chicago? I'm inclined to start it right away and have it on the first telechat after. Thanks, Kathleen > > Thanks, > Tommy > >> On Mar 9, 2017, at 9:39 AM, Kathleen Moriarty >> wrote: >> >> Hello, >> >> Thank you for your work on draft-ietf-ipsecme-tcp-encaps. It's a well >> written draft and I just have one question. >> >> Section 7: Why is SHA-1 used? If this is a result of the protocol and >> prior RFCs, please include a reference. And an explanation on list >> would be helpful (pointer is fine if this was already discussed. >> >> >> >> -- >> >> Best regards, >> Kathleen >> >> ___ >> IPsec mailing list >> IPsec@ietf.org >> https://www.ietf.org/mailman/listinfo/ipsec > -- Best regards, Kathleen ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] AD review of draft-ietf-ipsecme-tcp-encaps
Hi Kathleen, Yes, this is referring to how the existing NAT detection works in IKEv2: https://tools.ietf.org/html/rfc7296 Section 2.23. NAT Traversal o The data associated with the NAT_DETECTION_SOURCE_IP notification is a SHA-1 digest of the SPIs (in the order they appear in the header), IP address, and port from which this packet was sent. We can add a pointer to the section of the RFC. Thanks, Tommy > On Mar 9, 2017, at 9:39 AM, Kathleen Moriarty >wrote: > > Hello, > > Thank you for your work on draft-ietf-ipsecme-tcp-encaps. It's a well > written draft and I just have one question. > > Section 7: Why is SHA-1 used? If this is a result of the protocol and > prior RFCs, please include a reference. And an explanation on list > would be helpful (pointer is fine if this was already discussed. > > > > -- > > Best regards, > Kathleen > > ___ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
[IPsec] AD review of draft-ietf-ipsecme-tcp-encaps
Hello, Thank you for your work on draft-ietf-ipsecme-tcp-encaps. It's a well written draft and I just have one question. Section 7: Why is SHA-1 used? If this is a result of the protocol and prior RFCs, please include a reference. And an explanation on list would be helpful (pointer is fine if this was already discussed. -- Best regards, Kathleen ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec