;
>
> -Original Message-
> From: IPsec [mailto:ipsec-boun...@ietf.org <mailto:ipsec-boun...@ietf.org>]
> On Behalf Of Hu, Jun (Nokia - US)
> Sent: Friday, October 07, 2016 2:09 PM
> To: Tommy Pauly; Valery Smyslov; Yoav Nir
> Cc: IPsecME WG; Daniel Migault
TCP sessions for a single
>CHILD_SA?
From: tpa...@apple.com [mailto:tpa...@apple.com]
Sent: Tuesday, October 11, 2016 5:35 PM
To: Hu, Jun (Nokia - US)
Cc: Valery Smyslov; Yoav Nir; IPsecME WG; Daniel Migault; Paul Wouters
Subject: Re: [IPsec] New version of TCP Encapsulation draft, request for
adopt
niel Migault; Paul Wouters
>> Subject: Re: [IPsec] New version of TCP Encapsulation draft, request for
>> adoption
>>
>> I was reading the draft again, and had similar problem as below; Draft states
>> that SA state should be independent of TCP state and it allows mul
7, 2016 2:09 PM
> To: Tommy Pauly; Valery Smyslov; Yoav Nir
> Cc: IPsecME WG; Daniel Migault; Paul Wouters
> Subject: Re: [IPsec] New version of TCP Encapsulation draft, request for
> adoption
>
> I was reading the draft again, and had similar problem as below; Draft st
I was reading the draft again, and had similar problem as below;
Draft states that SA state should be independent of TCP state and it allows
multiple TCP sessions between two peers even when there is only one IKE_SA;
I assume this means for a given tunnel, different SA could belong to different
Thanks all for the clarification.
> -Original Message-
> From: tpa...@apple.com [mailto:tpa...@apple.com]
> Sent: Monday, May 23, 2016 5:28 PM
> To: Hu, Jun (Nokia - US)
> Cc: Paul Wouters; IPsecME WG
> Subject: Re: [IPsec] New version of TCP Encapsulation draft, requ
> From: Paul Wouters [mailto:p...@nohats.ca]
> Sent: Monday, May 23, 2016 4:26 PM
> To: Hu, Jun (Nokia - US)
> Cc: IPsecME WG
> Subject: Re: [IPsec] New version of TCP Encapsulation draft, request for
> adoption
>
> On Mon, 23 May 2016, Hu, Jun (Nokia - US) wrote:
>
On Mon, 23 May 2016, Hu, Jun (Nokia - US) wrote:
To get past middleware boxes that tend to not touch "real" TLS traffic but
mangle anything else.
[HJ] so there is middle box that will only allow TLS traffic (and dropping all
plain tcp traffic)? that sounds pretty extreme, but even in such
Migault; Paul Wouters; Tommy Pauly
>> Subject: Re: [IPsec] New version of TCP Encapsulation draft, request for
>> adoption
>>
>>
>> > On 23 May 2016, at 9:39 AM, Valery Smyslov <sva...@gmail.com> wrote:
>> >
>> > Hi Tommy,
>> >
>&g
> On 23 May 2016, at 9:39 AM, Valery Smyslov wrote:
>
> Hi Tommy,
>
> thank you for clarifications. One more point. The draft is silent about
> what the responder is supposed to do with the stream prefix.
> Should it check it? In this case what should it do if the prefix is
>
Hi Paul,
thank you for clarifications. One more point. The draft is silent about
what the responder is supposed to do with the stream prefix.
Should it check it? In this case what should it do if the prefix is
different from "IKEv2"? Discard the TCP session? Or should
it ignore the prefix
On Mon, 23 May 2016, Valery Smyslov wrote:
thank you for clarifications. One more point. The draft is silent about
what the responder is supposed to do with the stream prefix.
Should it check it? In this case what should it do if the prefix is
different from "IKEv2"? Discard the TCP session? Or
ynir.i...@gmail.com>
Cc: "Paul Wouters" <p...@nohats.ca>; "Daniel Migault" <daniel.miga...@ericsson.com>;
"IPsecME WG" <ipsec@ietf.org>
Sent: Friday, May 20, 2016 9:11 PM
Subject: Re: [IPsec] New version of TCP Encapsulation draft, request for
adoption
Hi Valery,
Thanks for your reply! I think these are good points that we can clarify in
future versions, although we can address these once it is a working group
document. Responses inline.
Best,
Tommy
> On May 16, 2016, at 11:53 PM, Valery Smyslov wrote:
>
> Hi Tommy,
>
>
Hi Tommy,
sorry for late reply. I'm mostly OK with the last version of the draft.
Few comments. It is a bit unclear how Stream Prefix is intended
to be used with TLS. Is it insterted at the beginning of the TLS data stream?
Then, I think some text should be added describing a situation
when
Hi Tommy,
Thank you very much for the response. They are addressing all my concerns.
BR,
Daniel
On Mon, May 16, 2016 at 4:15 PM, Tommy Pauly wrote:
> Hi Paul, Daniel,
>
> Thanks for the comments! Responses inline.
>
> I'd like to also hear feedback from people who brought up
Hi Paul, Daniel,
Thanks for the comments! Responses inline.
I'd like to also hear feedback from people who brought up issues last time if
possible (Valery regarding inclusion of TLS, Tero regarding the 3GPP spec
conformity, and Yoav regarding the magic value) to validate that this draft is
On Fri, 6 May 2016, Daniel Migault wrote:
s/IPSec/IPsec
If Tommy could also fix that auto-correct for my iphone, that would be
great too :)
"This method is intended to be used as a fallback option when IKE
cannot be negotiated over UDP."
This seems to indicates that the method should only
Hi,
I have read the draft. TCP encapsulation is a topic that matters, and I
would like different vendors to implement a standard version of this. I
think the draft is in good shape to be adopted and discussed as a WG
document. I am volunteering to continue reviewing the draft and contribute
to
19 matches
Mail list logo