[IPsec] AD review of draft-ietf-ipsecme-tcp-encaps

2017-03-09 Thread Kathleen Moriarty
Hello, Thank you for your work on draft-ietf-ipsecme-tcp-encaps. It's a well-written draft and I just have one question. Section 7: Why is SHA-1 used? If this is a result of the protocol and prior RFCs, please include a reference. And an explanation on list would be helpful (pointer is fine if

Re: [IPsec] AD review of draft-ietf-ipsecme-tcp-encaps

2017-03-09 Thread Tommy Pauly
Hi Kathleen,

Yes, this is referring to how the existing NAT detection works in IKEv2:

https://tools.ietf.org/html/rfc7296

Section 2.23. NAT Traversal

o The data associated with the NAT_DETECTION_SOURCE_IP notification is a SHA-1 digest of the SPIs (in the order they appear in the

Re: [IPsec] AD review of draft-ietf-ipsecme-tcp-encaps

2017-03-09 Thread Kathleen Moriarty
On Thu, Mar 9, 2017 at 12:47 PM, Tommy Pauly wrote:
> Hi Kathleen,
>
> Yes, this is referring to how the existing NAT detection works in IKEv2:
>
> https://tools.ietf.org/html/rfc7296
>
> Section 2.23. NAT Traversal
>
>    o The data associated with the NAT_DETECTION_SOURCE_IP