[IPsec] I-D Action:draft-ietf-ipsecme-failure-detection-01.txt

2010-10-10 Thread Internet-Drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF. Title : A Quick Crash Detection Method for IKE Author(s) : Y. Nir, et al. Fil

Re: [IPsec] I-D Action:draft-ietf-ipsecme-failure-detection-01.txt

2010-10-10 Thread Yoav Nir
Hi all This version resolves issues #189, #190, #191, and #192. Also the content of section 9.3 has been moved to section 10.4 because, as Frederic pointed out, it's more a security consideration than operational. Yoav On Oct 10, 2010, at 10:30 AM, wrote: > A New Internet-Draft is availa

Re: [IPsec] I-D Action:draft-ietf-ipsecme-failure-detection-01.txt

2010-10-10 Thread Yaron Sheffer
There's a typo in Sec. 3, "These are the final IKE_AUTH request..." should be "the first". More importantly, I think this new text is a bit wimpy... "To ensure this, token makers MUST use a good pseudo-random number generator to generate the IKE SPIs." I would have preferred "To ensure this, t

Re: [IPsec] IANA port number assignment name for IKEv2

2010-10-10 Thread micah anderson
On Sat, 9 Oct 2010 15:00:49 -0400, Dan McDonald wrote: > On Sat, Oct 09, 2010 at 12:56:04PM -0400, micah anderson wrote: > > > > > RFC2409 has been obsoleted by 4306 which was then obsoleted by 5996. My > > understanding of obsoleted rfcs means that what they contain is no > > longer valid. RF

[IPsec] I-D Action:draft-ietf-ipsecme-ipsecha-protocol-01.txt

2010-10-10 Thread Internet-Drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF. Title : Protocol Support for High Availability IKEv2/IPsec Author(s) : R. Jenwar, et

[IPsec] Fwd: RFC 6023 on A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA)

2010-10-10 Thread Yaron Sheffer
This RFC was published outside the working group, as an independent submission. FYI. Original Message Subject: RFC 6023 on A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA) Date: Sun, 10 Oct 2010 17:11:30 -0700 (PDT) From: rfc-edi

[IPsec] Issue #193 - Is section 10.4 needed

2010-10-10 Thread Yoav Nir
Hi. In -00 this section was labeled 9.3. This issue is very much about substance, so we would very much like to see discussion of it. Ultimately it goes to the question of whether and when the methods in 5.1 and 5.2 should be recommended. Yaron: 10.4: this entire discussion is probably redund

[IPsec] Issue #194 - Security Considerations should discuss the threat

2010-10-10 Thread Yoav Nir
Yaron: The security considerations are focused on details of the QCD solution, rather than on the threats we are dealing with. These threats are non-trivial to describe, since an active MITM attacker can easily cause an IKE SA to be reset. OTOH, we don't want an active non-MITM attacker to be ab