On Mar 28, 2012, at 2:12 PM, Michael Richardson wrote: > >>>>>> "Yoav" == Yoav Nir <y...@checkpoint.com> writes: > Yoav> If I had to guess the reasons for the slow adoption of IKEv2, > Yoav> I would guess that it's because IKEv1 (with XAuth/hybrid, > Yoav> Config, odd-numbered messages, and poor PSK support for mobile > Yoav> peers) just works. The big vendors have at least server-side > Yoav> support, and Microsoft has a client in Win7. I think EAP is a > Yoav> hindrance, because XAuth works better with older backend > Yoav> servers. > > Let me suggest that enhancements to IKEv1 are point releases, for which > you get with your maintenance. > But, IKEv2 is a major release, for which the customer pays again.
I don't know about other vendors, but for us IKEv2 was introduced in a version called R71. Customers eventually do upgrade, whether it's to get IKEv2 or get one of the other features. Similarly in Windows, customers buy Windows 7 for the 64-bit support, or the aero interface, or for IPv6 support, and they also get the IKEv2. I don't think anyone is going to add new enhancements to old releases now, unless those "enhancements" begin with the words "prevent an attack where…" _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec