Dear all:

Sorry for the late comments. I went through the -06 version of the IKEv2 session resumption draft. Basically, I agree with more of the content except for the new IKE_SESSION_RESUME exchange.

Well, we've discussed the pros and cons of IKE_SA_INIT and IKE_SESSION_RESUME for quite a long time. However, IMHO, consensus has still not been fully achieved on this item. So far, I still prefer choosing extended IKE_SA_INIT for ticket presenting. This solution can be found in http://tools.ietf.org/html/draft-xu-ike-sa-sync-01

As a summary, the virtues are as follows:

1) RFC5077 (TLS session resumption) also uses a similar scheme, which extends the ClientHello message with a session ticket extension. The extended IKE_SA_INIT solution has a similar way. It's easy to extend the base IKEv2 protocol stack to support session resumption.
2) Considering the case of failing session resumption, the extended IKE_SA_INIT solution can save one round trip.
3) As indicated in 4.3.3 IKE_AUTH exchange, IKE_AUTH must be initiated after IKE_SESSION_RESUME. In this sense, the extended IKE_SA_INIT way needs less code to be supported compared with IKE_SESSION_RESUME.

The down side:

1) Some people thought the way of extended IKE_SA_INIT will make the base IKEv2 protocol stack more complex. IMHO, it's implementation specific.

Again, I still support using extended IKE_SA_INIT for ticket presenting instead of IKE_SESSION_RESUME.

Thanks
BRG
Peny

On Sat, May 16, 2009 at 4:06 AM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
> Greetings again. There has been almost no discussion on the -03 draft, and
> Yaron has made some small changes in the -04. As we discussed at the interim
> WG meeting, we would like to advance this before Stockholm.
>
> Therefore, this is the beginning of the two-week WG Last Call, which will end
> May 29. The current document is at
> <http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-ikev2-resumption-04.txt>.
>
> Even if you have not read the document before now, please do so. Having fresh
> eyes on the document often brings up important issues. Send any comments to
> the list, even if they are as simple as "I read it and it seems fine". We
> would like to gauge how much support there is or isn't for this protocol.
>
> --Paul Hoffman, Director
> --VPN Consortium
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec