Hello Yoav,

This seems to be very interesting; I like it due to the first motivation you
mentioned. I would be ready to review if this is accepted as a WG item.

If some of the motivations are already tackled, it would be wise to check if
making additions to IKEv2 tackling those motivations would be worthwhile.

Regards,
Matt


2009/12/2 Alper Yegin <alper.ye...@yegin.org>

> Hi Hui,
>
> Are all 4 motivations below part of 3gpp discussion?
>
> Alper
>
>
> > -----Original Message-----
> > From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf
> > Of Hui Deng
> > Sent: Tuesday, December 01, 2009 3:28 PM
> > To: Yoav Nir
> > Cc: ipsec@ietf.org; Alper Yegin
> > Subject: Re: [IPsec] Proposed work item: Childless IKE SA
> >
> > During the last 3GPP SA3 meeting, such a requirement about HNB has also
> > been approved.
> >
> > thanks
> >
> > -Hui
> >
> > 2009/12/1 Yoav Nir <y...@checkpoint.com>:
> > > There were several motivations listed for childless IKE SAs.
> > >  - remote access, where you create an IKE SA when the user wants to connect, and only create child SAs in response to traffic
> > >  - authentication only over a physically secure network (not necessarily EAP, but I think this is the use case you referred to)
> > >  - Location awareness (as in the SecureBeacon draft)
> > >  - Some "weird" uses such as liveness checks without IPsec, NAT detection, etc.
> > >
> > >
> > > On Dec 1, 2009, at 2:29 PM, Alper Yegin wrote:
> > >
> > >> One of the (or main?) motivations of this proposal is to turn IKEv2 into
> > >> "EAP-based network access authentication protocol".  RFC 5191 is designed
> > >> for that purpose, and I'm not sure if we need to twist a protocol for the
> > >> same purpose.
> > >>
> > >>
> > >>
> > >>> -----Original Message-----
> > >>> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf
> > >>> Of Yaron Sheffer
> > >>> Sent: Sunday, November 29, 2009 7:21 PM
> > >>> To: ipsec@ietf.org
> > >>> Subject: [IPsec] Proposed work item: Childless IKE SA
> > >>>
> > >>> This draft proposes an IKEv2 extension to allow the setup of an IKE SA
> > >>> with no Child SA, a situation which is currently disallowed by the
> > >>> protocol.
> > >>>
> > >>> Proposed starting point:
> > >>> http://tools.ietf.org/id/draft-nir-ipsecme-childless-01.txt.
> > >>>
> > >>> Please reply to the list:
> > >>>
> > >>> - If this proposal is accepted as a WG work item, are you committing to
> > >>> review multiple versions of the draft?
> > >>> - Are you willing to contribute text to the draft?
> > >>> - Would you like to co-author it?
> > >>>
> > >>> Please also reply to the list if:
> > >>>
> > >>> - You believe this is NOT a reasonable activity for the WG to spend
> > >>> time on.
> > >>>
> > >>> If this is the case, please explain your position. Do not explore the
> > >>> fine technical details (which will change anyway, once the WG gets hold
> > >>> of the draft); instead explain why this is uninteresting for the WG or
> > >>> for the industry at large. Also, please mark the title clearly (e.g.
> > >>> "DES40-export in IPsec - NO!").
> > >>> _______________________________________________
> > >>> IPsec mailing list
> > >>> IPsec@ietf.org
> > >>> https://www.ietf.org/mailman/listinfo/ipsec