Re: [IPsec] Issue #194 - Security Considerations should discuss the threat

2010-10-21 Thread Yoav Nir
On Oct 21, 2010, at 11:59 AM, Tero Kivinen wrote: > The section 10.4 seems to assume that attacker cannot force the load > balancer to send the faked packet to any other cluster member than the > one mapped by the source IP-address of the packet. As the algorithm > how the load balancer really

[IPsec] Issue #197 - More text needed to describe RFC4306^H^H^H^H5996 recovery

2010-10-21 Thread Yoav Nir
Hi all. Tero Kivinen sent the message included below to the mailing list on September 8th. I am fine with this text. Please read it thoroughly, and if there are no objections, I will incorporate it into the next version of the draft (which I intend to publish at the last possible moment on Mon

[IPsec] Failure Detection - status of some issues

2010-10-24 Thread Yoav Nir
#195 was closed as a duplicate of (the already closed) #191. #193, #194, and #197 will be closed with the publishing of draft -02. #202 (below) is newly submitted, and I expect a lively discussion of it in Beijing. It's fine to discuss it between now and then, as well as #198-#201, but if you ha

Re: [IPsec] Failure Detection - status of some issues

2010-10-24 Thread Yoav Nir
allowing the maker to push the token, but at the cost of bandwidth and > complexity. > > Thanks, > Yaron > > On 10/24/2010 10:55 AM, Yoav Nir wrote: >> #195 was closed as a duplicate of (the already closed) #191. >> #193, #194, and #197 will be closed with the

[IPsec] Fwd: [core] Review of draft-ietf-core-coap-03

2010-11-07 Thread Yoav Nir
Hi all The message below is Ekr's review of the CoAP draft. The IPsec part (relates mostly to section 10.1) might be of interest to this working group. I'd go further than Ekr, and say that IPsec should not be used without IKE. I'm not sure whether or not section 10.1 is there because they actu

Re: [IPsec] HA protocol replay protection

2010-11-24 Thread Yoav Nir
As a general principle, yes. But the HA extension already assumes that due to the failover, there is some discrepancy. The easy way out would be to write a protocol extension that just detects this discrepancy and kills the IKE SA. But that would mean a lot of IKE SA setups following a fail-over

[IPsec] Agenda items for the IPsecME meeting

2025-07-01 Thread Yoav Nir
Hi, all In case you missed it, we have the following 2-hour slot for IETF 123: ipsecme Session 1 (2:00 requested) Thursday, 24 July 2025, Session III 1430-1630 Europe/Madrid Room Name: Castilla [Breakout 5] (size: 175) If you would like a time slot for this meeting, please send your req

[IPsec] Draft agenda

2025-07-15 Thread Yoav Nir
Hi, all I’ve thrown together an initial agenda. https://datatracker.ietf.org/meeting/123/materials/agenda-123-ipsecme-01.md The agenda is quite full, although maybe we can squeeze a little more. There’s a whole lot of post-quantum stuff in there - definitely the hot topic in the security area.

[IPsec] Publication has been requested for draft-ietf-ipsecme-ipv6-ipv4-codes-04

2020-02-11 Thread Yoav Nir via Datatracker
Yoav Nir has requested publication of draft-ietf-ipsecme-ipv6-ipv4-codes-04 as Proposed Standard on behalf of the IPSECME working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ipv6-ipv4-

[IPsec] Publication has been requested for draft-ietf-ipsecme-ikev2-intermediate-07

2021-08-19 Thread Yoav Nir via Datatracker
Yoav Nir has requested publication of draft-ietf-ipsecme-ikev2-intermediate-07 as Proposed Standard on behalf of the IPSECME working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-interme
