Thanks all for the clarification.
> -----Original Message-----
> From: tpa...@apple.com [mailto:tpa...@apple.com]
> Sent: Monday, May 23, 2016 5:28 PM
> To: Hu, Jun (Nokia - US)
> Cc: Paul Wouters; IPsecME WG
> Subject: Re: [IPsec] New version of TCP Encapsulation draft, request for
> adoption
>
> From: Paul Wouters [mailto:p...@nohats.ca]
> Sent: Monday, May 23, 2016 4:26 PM
> To: Hu, Jun (Nokia - US)
> Cc: IPsecME WG
> Subject: Re: [IPsec] New version of TCP Encapsulation draft, request for
> adoption
>
> On Mon, 23 May 2016, Hu, Jun (Nokia - US) wrote:
>
> >> To get past middleware
On Mon, 23 May 2016, Hu, Jun (Nokia - US) wrote:
To get past middleware boxes that tend to not touch "real" TLS traffic but
mangle anything else.
[HJ] So there is a middlebox that will only allow TLS traffic (and drop all
plain TCP traffic)? That sounds pretty extreme, but even in such
Hi
We use TLS to facilitate traversal of IPsec traffic through HTTP proxies.
The client would use the HTTP CONNECT command to connect to the proxy.
TLS is only used for this purpose and not for securing the IPsec link.
Thanks.
Samy.
On 5/23/16, 3:55 PM, "IPsec on behalf of Hu, Jun (Nokia -
> On 23 May 2016, at 9:39 AM, Valery Smyslov wrote:
>
> Hi Tommy,
>
> thank you for the clarifications. One more point. The draft is silent about
> what the responder is supposed to do with the stream prefix.
> Should it check it? In this case what should it do if the prefix is
>
Hi Paul,
thank you for the clarifications. One more point. The draft is silent about
what the responder is supposed to do with the stream prefix.
Should it check it? In this case what should it do if the prefix is
different from "IKEv2"? Discard the TCP session? Or should
it ignore the prefix
On Mon, 23 May 2016, Valery Smyslov wrote:
thank you for the clarifications. One more point. The draft is silent about
what the responder is supposed to do with the stream prefix.
Should it check it? In this case what should it do if the prefix is
different from "IKEv2"? Discard the TCP session? Or
Hi Tommy,
thank you for the clarifications. One more point. The draft is silent about
what the responder is supposed to do with the stream prefix.
Should it check it? In this case what should it do if the prefix is
different from "IKEv2"? Discard the TCP session? Or should
it ignore the prefix