Hi Tero,
thank you for this review.
> I was doing the review of the draft-ietf-ipsecme-rfc8229bis while
> doing the shepherd writeup, and here are my comments to the draft.
>
> In section 7.5:
> --
>If a NAT is detected due
I can take the blame for that. I started doing my AD review of all three
together, but it got preempted by some combination of $dayjob and IESG
telechats. I'm trying to prioritize clearing pending DISCUSSes in the
first half of this week, as there's something of a deadline for them, but
hope to b
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions WG of
the IETF.
Title : Internet Key Exchange Protocol Version 2 (IKEv2)
Configuration for Encrypted DNS
Authors
Hi all,
This version makes it explicit that we don't support the aliasmode. We also
made some minor edits to enhance the readability of the spec.
We don't hear any follow-up to our query at
https://mailarchive.ietf.org/arch/msg/ipsec/l8dc3qqt60f0L12rhuKB27sXooI/ and we
don't have any other p
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions WG of
the IETF.
Title : TCP Encapsulation of IKE and IPsec Packets
Authors : Valery Smyslov
Hi,
this version addresses Tero's comments.
Regards,
Valery.
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the IP Security Maintenance and Extensions WG of
> the IETF.
>
> Title : TCP Encapsulation of IKE a
Ben,
Thank you for the response (and your work as AD ;-).
I take it that is now on Roman to progress the document.
Lou
On 3/22/2022 4:46 AM, Benjamin Kaduk wrote:
I can take the blame for that. I started doing my AD review of all three
together, but it got preempted by some combination of $d
Valery Smyslov writes:
> Changed to:
>
>If a NAT is detected due to the SHA-1 digests not matching the
>expected values, no change should be made for encapsulation of
>subsequent IKE or ESP packets, since TCP encapsulation inherently
>supports NAT traversal. However, for the trans
On Tue, 22 Mar 2022, Tero Kivinen wrote:
So having few words here for mobike case would be useful too.
Especially pointing out that this is not specific to the TCP
encapsulation, this is generic thing that is done when using mobike
regardless whether you use TCP or not..
There was some talk fr
Paul Wouters writes:
> On Tue, 22 Mar 2022, Tero Kivinen wrote:
>
> > So having few words here for mobike case would be useful too.
> > Especially pointing out that this is not specific to the TCP
> > encapsulation, this is generic thing that is done when using mobike
> > regardless whether you us
> > > Also note that as described in the RFC 4555 section 3.5 the mobike
> > > requires retransmit of all outstanding IKE exchanges after the address
> > > update, and we should most likely make a note of that here too.
> > >
> > > I.e. note that RFC4555 has following sentence:
> > > --
11 matches
Mail list logo
