Re: [IPsec] One question for IKE/IPsec

2009-05-15 Thread Paul Moore
With racoon you can use racoonctl to launch a phase1 without a phase2 --Original Message-- From: Paul Hoffman To: denghu...@gmail.com Cc: ipsec@ietf.org Cc: y...@checkpoint.com Sent: May 15, 2009 8:09 AM Subject: Re: [IPsec] One question for IKE/IPsec At 8:10 PM +0800 5/15/09, Hui Deng wr

Re: [IPsec] Redirect -09 comments

2009-05-15 Thread Vijay Devarapalli
Hi Yaron, On 5/13/09 10:01 PM, "Yaron Sheffer" wrote: > Hi, > > While preparing to progress the draft to AD review, I reread it once again. > Here are a few comments. Although not all are nits, none of them should block > the document now. > > Thanks, > Yaron > > Not-quite-nits:

[IPsec] Anyone have a 4868-compliant HMAC-SHA-{384, 512} for AH/ESP to test?

2009-05-15 Thread Dan McDonald
I'm discovering interoperability bugs between OpenSolaris and other platforms in the SHA-2 space, mostly around SHA-384 and SHA-512. Does anyone have an implementation that we can run some quick manually-keyed tests against? Thanks, Dan

[IPsec] WG Last Call: draft-ietf-ipsecme-ikev2-resumption-04.txt

2009-05-15 Thread Paul Hoffman
Greetings again. There has been almost no discussion on the -03 draft, and Yaron has made some small changes in the -04. As we discussed at the interim WG meeting, we would like to advance this before Stockholm. Therefore, this is the beginning of the two-week WG Last Call, which will end May 2

Re: [IPsec] IPsecME traffic visibility open item summary

2009-05-15 Thread Grewal, Ken
Thanks Yaron - I will capture this as part of the text on packet handling and field validation. Thanks, - Ken >-Original Message- >From: Yaron Sheffer [mailto:yar...@checkpoint.com] >Sent: Friday, May 15, 2009 8:41 AM >To: Grewal, Ken; ipsec@ietf.org >Subject: RE: IPsecME traffic visib

[IPsec] I-D Action:draft-ietf-ipsecme-ikev2-resumption-04.txt

2009-05-15 Thread Internet-Drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF. Title : IKEv2 Session Resumption Author(s) : Y. Sheffer, et al. Filename

Re: [IPsec] IPsecME traffic visibility open item summary

2009-05-15 Thread Yaron Sheffer
Hi Ken, Tero mentioned that two more fields must be zero when the payload is encrypted. Is this covered by any of the open issues? Thanks, Yaron > -Original Message- > From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of > Grewal, Ken > Sent: Friday, May 15,

Re: [IPsec] One question for IKE/IPsec

2009-05-15 Thread Paul Hoffman
At 8:10 PM +0800 5/15/09, Hui Deng wrote: >You are right, after IKE phase 1, IPsec SA will be set up, >traffic selector will be used > >Here our requirement is, we still create the IKE SA, but not create IPsec SA. >The reason for such kind of strange usage is that IKE is already mandated >there. >t

Re: [IPsec] [IKEv2] IKE_AUTH without TSi, TSr

2009-05-15 Thread Michael Richardson
> "Tero" == Tero Kivinen writes: >> The INVALID_SYNTAX notify in response to missing payload in >> IKE_AUTH should be send encrypted using DH keys or unencrypted ? Tero> As it is clear that other end is not following the Tero> specification, i.e. there is bug on the other en

[IPsec] IPsecME traffic visibility open item summary

2009-05-15 Thread Grewal, Ken
All, In an attempt to get consensus and closure on some of the open tickets for traffic visibility, I am providing the following summary. I look forward to your feedback... #84: Wesp scope and applicability to encrypted data. Agreed that we will use Next Header value of zero to denote packet p

Re: [IPsec] One question for IKE/IPsec

2009-05-15 Thread Hui Deng
You are right, after IKE phase 1, IPsec SA will be set up, traffic selector will be used. Here our requirement is, we still create the IKE SA, but not create IPsec SA. The reason for such kind of strange usage is that IKE is already mandated there. The left is whether it is necessary to use IPsec si

Re: [IPsec] [IKEv2] IKE_AUTH without TSi, TSr

2009-05-15 Thread Tero Kivinen
raj singh writes: > The INVALID_SYNTAX notify in response to missing payload in IKE_AUTH should > be sent encrypted using DH keys or unencrypted ? As it is clear that other end is not following the specification, i.e. there is a bug on the other end, there is no need to think that much what you shou

Re: [IPsec] [IKEv2] IKE_AUTH without TSi, TSr

2009-05-15 Thread raj singh
Hi Team, One more question. The INVALID_SYNTAX notify in response to missing payload in IKE_AUTH should be sent encrypted using DH keys or unencrypted ? Thanks, raj On Fri, May 15, 2009 at 10:12 AM, raj singh wrote: > Hi Yoav, > > If check for mandatory payloads per exchange type is MUST, if i