Re: [IPsec] AD review of draft-ietf-ipsecme-tcp-encaps

Kathleen Moriarty writes: > Sorry I dropped the ball. I can start IETF last call, but since we > are in IETF week, should it be extended a week? Yes, I think extending it by a week would be better. -- kivi...@iki.fi ___ IPsec mailing list

Re: [IPsec] AD review of draft-ietf-ipsecme-tcp-encaps

Hi Tommy, Sorry I dropped the ball. I can start IETF last call, but since we are in IETF week, should it be extended a week? Thanks, Kathleen On Sun, Mar 12, 2017 at 3:11 PM, Tommy Pauly wrote: > Hi Kathleen, > > I've just posted a new version to fix some minor nits and add

Re: [IPsec] AD review of draft-ietf-ipsecme-tcp-encaps

Hi Kathleen, I've just posted a new version to fix some minor nits and add a reference for the SHA-1 digest used for NAT detection: https://www.ietf.org/id/draft-ietf-ipsecme-tcp-encaps-09.txt >From my perspective, I think starting a IETF last call now make sense. Thanks! Tommy > On Mar 9,

Re: [IPsec] AD review of draft-ietf-ipsecme-tcp-encaps

On Thu, Mar 9, 2017 at 12:47 PM, Tommy Pauly wrote: > Hi Kathleen, > > Yes, this is referring to how the existing NAT detection works in IKEv2: > > https://tools.ietf.org/html/rfc7296 > > Section 2.23. NAT Traversal > >o The data associated with the NAT_DETECTION_SOURCE_IP

Re: [IPsec] AD review of draft-ietf-ipsecme-tcp-encaps

Hi Kathleen, Yes, this is referring to how the existing NAT detection works in IKEv2: https://tools.ietf.org/html/rfc7296 Section 2.23. NAT Traversal o The data associated with the NAT_DETECTION_SOURCE_IP notification is a SHA-1 digest of the SPIs (in the order they appear in the

[IPsec] AD review of draft-ietf-ipsecme-tcp-encaps

Hello, Thank you for your work on draft-ietf-ipsecme-tcp-encaps. It's a well written draft and I just have one question. Section 7: Why is SHA-1 used? If this is a result of the protocol and prior RFCs, please include a reference. And an explanation on list would be helpful (pointer is fine if