Re: [IPsec] New draft posted

2010-05-03 Thread Pasi.Eronen
Jitender Arora wrote: > The application where it is required now is the load balancing of > the IPSEC tunnels. Suppose in a network there are 10 Security-Gateways > and each of these security gateways can handle 20 IPSEC tunnels > using the IKEv2 signaling. Now for this network if we need

Re: [IPsec] Start of WG Last Call on draft-ietf-ipsecme-eap-mutual (EAP-Only Authentication)

2010-05-03 Thread Martin Willi
Hi, > Thus, this starts the two-week WG Last Call on "An Extension for > EAP-Only Authentication in IKEv2", > . Please > send any comments on the document to the mailing list. Support, > criticism, and suggestions for additions or change

Re: [IPsec] Start of WG Last Call on draft-ietf-ipsecme-eap-mutual (EAP-Only Authentication)

2010-05-03 Thread Yoav Nir
Can't compete with Martin's "running code", but I have a few comments. Before that, the draft seems good, and easy to follow. I think developers who have never heard of the IPsec list should have no problem reading and implementing this correctly. Having said that, here's two comments. The intr

Re: [IPsec] IPsec HA problem statement

2010-05-03 Thread Yoav Nir
Well, this draft is kind of a smorgasbord of issues, so once the issue that bothers you is in there, you're not that interested any more. I would like to post another draft with section 3.7 that I posted on the list on 25-Apr, and unless anyone has another issue that's not addressed, I think we

Re: [IPsec] IPsec HA problem statement

2010-05-03 Thread Yoav Nir
Well, this draft is kind of a smorgasbord of issues, so once the issue that bothers you is in there, you're not that interested any more. I would like to post another draft with section 3.7 that I posted on the list on 25-Apr, and unless anyone has another issue that's not addressed, I think we

Re: [IPsec] IPsec HA problem statement

2010-05-03 Thread Yoav Nir
Sorry for the dual post. Some mail client problem.

Re: [IPsec] New draft posted

2010-05-03 Thread Tero Kivinen
Jitender Arora writes: > Currently the IKEv2 does not allow the IKEv2 signaling and the > IPSEC traffic to go to different IP addresses, so this is the > problem this draft is trying to solve. > > The application where it is required now is the load balancing > of the IPSEC tu

[IPsec] Password-based authentication - new draft posted

2010-05-03 Thread Dennis Kügler
The new draft describing the integration of PACE (Password Authenticated Connection Establishment) in IKEv2 has been posted to the I-D repository: http://www.ietf.org/id/draft-kuegler-ipsecme-pace-ikev2-00.txt I'm looking forward to receiving your comments. Best regards, Dennis

Re: [IPsec] Start of WG Last Call on draft-ietf-ipsecme-eap-mutual (EAP-Only Authentication)

2010-05-03 Thread Yaron Sheffer
Hi Martin, thanks for your comments. Some responses below. Yaron On 05/03/2010 12:13 PM, Martin Willi wrote: Hi, Thus, this starts the two-week WG Last Call on "An Extension for EAP-Only Authentication in IKEv2", . Please s

Re: [IPsec] Start of WG Last Call on draft-ietf-ipsecme-eap-mutual (EAP-Only Authentication)

2010-05-03 Thread Yaron Sheffer
Hi Yoav, please see some comments below. Thanks, Yaron On 05/03/2010 01:00 PM, Yoav Nir wrote: Can't compete with Martin's "running code", but I have a few comments. Before that, the draft seems good, and easy to follow. I think developers who have never heard of the IPsec list shoul

Re: [IPsec] Start of WG Last Call on draft-ietf-ipsecme-eap-mutual (EAP-Only Authentication)

2010-05-03 Thread Andreas Steffen
Hi Yaron, I actually see a need for TLS-type IKEv2 EAP protocols in the context of IPsec-based Network Endpoint Assessment (NEA, RFC 5209). The recent proposal for an EAP-PT transport protocol http://tools.ietf.org/html/draft-hanna-nea-pt-eap-00 says in section 1. Introduction: ... EA