Hi everyone,
I am interested in knowing what are typical maximum sizes for IKEv2 messages
and UDP messages in implementations.
The reason is that the IKEv2's spec has a must and a should being 1280 and 3000
bytes respectively for IKEv2 messages, but does not have a maximum limit.
As you know s
On Wed, 17 Jun 2020, Dang, Quynh H. (Fed) wrote:
I am interested in knowing what are typical maximum sizes for IKEv2 messages
and UDP messages
in implementations.
The reason is that the IKEv2's spec has a must and a should being 1280 and 3000
bytes
respectively for IKEv2 messages, but does n
Hi Quynh,
please look at the draft-ietf-ipsecme-ikev2-multiple-ke-00.
It specifically addresses your concern about large public keys of PQ KE methods.
Actually, it's generally OK to have public keys/signatures up to 64Kbytes.
If you need to deal with larger keys, then some update of the
Thank you Valery and thank you everyone who responded to me.
The approaches in the drafts
https://tools.ietf.org/html/draft-ietf-ipsecme-ikev2-multiple-ke-00#section-1.1
and https://tools.ietf.org/html/draft-ietf-ipsecme-ikev2-intermediate-04 look
good to me.
It looks like if/when someone im
Seems as if the reply to this sub-thread was overlooked, sorry.
In the ACP, a node has multiple IPsec connections, each of which acts like a
virtual link to another node and each of them will carry IPv6 packets
with arbitrary IPv6 source and destination addresses.
So the ideal, most compact option
On Wed, 17 Jun 2020, Toerless Eckert wrote:
These two choices are somewhat arbitrary, I am sure some vendor
not following this draft will later come and complain that he
prefers GRE in tunnel mode or IPinIP tunnel or transport mode,
Note that you cannot _require_ transport mode, as the IKEv2
p
On Wed, Jun 17, 2020 at 01:59:18PM -0400, Paul Wouters wrote:
> On Wed, 17 Jun 2020, Toerless Eckert wrote:
>
> > These two choices are somewhat arbitrary, I am sure some vendor
> > not following this draft will later come and complain that he
> > prefers GRE in tunnel mode or IPinIP tunnel or tra
On Wed, 17 Jun 2020, Toerless Eckert wrote:
Note that you cannot _require_ transport mode, as the IKEv2
protocol only allows you to _suggest_ transport mode. The peer
can reject that suggestion and insist the connection uses
tunnel mode.
But we do define a profile of use of IPsec that both sid
Thanks, Paul
Given how you are focussing on this aspect,
can I assume that you are happy with everything
else in the suggested text?
Wrt to tunnel vs. transport mode:
If you can, please propose specific text that would improve
the quality of the doc wrt. to your point.
I can only observe:
On Wed, 17 Jun 2020, Toerless Eckert wrote:
Given how you are focussing on this aspect,
can I assume that you are happy with everything
else in the suggested text?
I don't know yet. I have to re-read the last draft version.
Wrt to tunnel vs. transport mode:
If you can, please propose s
On Wed, Jun 17, 2020 at 05:07:48PM -0400, Paul Wouters wrote:
> On Wed, 17 Jun 2020, Toerless Eckert wrote:
>
> > Given how you are focussing on this aspect,
> > can I assume that you are happy with everything
> > else in the suggested text?
>
> I don't know yet. I have to re-read the last d
Paul Wouters wrote:
>> These two choices are somewhat arbitrary, I am sure some vendor
>> not following this draft will later come and complain that he
>> prefers GRE in tunnel mode or IPinIP tunnel or transport mode,
> Note that you cannot _require_ transport mode, as the IKEv2
Paul Wouters wrote:
> Technically, your profile could say to "request transport mode, and
> refuse the connection if the other end is unwilling to use transport
> mode", but that I would argue that would constitute a protocol
> modification which is not what a profile should do.
On Wed, 17 Jun 2020, Michael Richardson wrote:
Paul Wouters wrote:
> Technically, your profile could say to "request transport mode, and
> refuse the connection if the other end is unwilling to use transport
> mode", but that I would argue that would constitute a protocol
> modifica
On Wed, Jun 17, 2020 at 08:55:12PM -0400, Paul Wouters wrote:
> The RFC states:
>
>The USE_TRANSPORT_MODE notification MAY be included in a request
>message that also includes an SA payload requesting a Child SA. It
>requests that the Child SA use transport mode rather than tunnel mod