The IESG has approved the following document:
- 'TCP Encapsulation of IKE and IPsec Packets'
  (draft-ietf-ipsecme-rfc8229bis-09.txt) as Proposed Standard

This document is the product of the IP Security Maintenance and Extensions Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-rfc8229bis/

Technical Summary

This document describes a method to transport Internet Key Exchange Protocol (IKE) and IPsec packets over a TCP connection for traversing network middleboxes that may block IKE negotiation over UDP. This method, referred to as "TCP encapsulation", involves sending both IKE packets for Security Association establishment and Encapsulating Security Payload (ESP) packets over a TCP connection. This method is intended to be used as a fallback option when IKE cannot be negotiated over UDP.

TCP encapsulation for IKE and IPsec was defined in RFC 8229. This document updates the specification for TCP encapsulation by including additional clarifications obtained during implementation and deployment of this method. This document obsoletes RFC 8229.

Working Group Summary

This work started in 2018 with the document "Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2", but during the process the IPsecME WG decided to make a bis document of RFC8229 instead, as some of the clarifications were actually modifying the protocol. The first version of the rfc8229bis document was published as an individual draft in May 2020, and it was adopted by the WG in April 2021. Updates were made in response to AD Review, GENART, TSV, and SECDIR review.

Document Quality

There are several implementations of RFC8229, and during those implementations a few issues were found that required modifications. Because of that, this RFC8229bis document was created when it became obvious that simple clarifications were not enough. There are already some implementations implementing the changes described in this bis document.

Personnel

Shepherd: Tero Kivinen
Responsible AD: Roman Danyliw