Dear IPsec folks,

The ipsecme working group is chartered to come up with a solution for
transporting long IKEv2 messages over networks that do not perform IP
fragmentation correctly, and as a result drop overly long messages,
usually IKE_AUTH messages.

Our original plan was to base the solution on IKE-over-TCP, however the
author of this draft announced that he now prefers a different solution,
similar to the (non-standard) IKEv1 Fragmentation payload that was
implemented by several vendors (see
http://msdn.microsoft.com/en-us/library/cc233251.aspx). We do not want
to end up with a common but non-standard solution in IKEv2, which would
practically guarantee interoperability issues.

As a further data point, we are aware of IPR issues with Microsoft's
solution; we have tried to clarify the issue with Microsoft but have not
been successful yet.

We would like to invite the group to a Virtual Interim Meeting (a.k.a.
conference call), to discuss this problem.

Potential outcomes of the meeting include:

- The group decides that this is not an important problem.
- This is an important problem and we have 1-2 people committed to
  author a draft along the lines of the non-standard IKEv1 mechanism.
- This is an important problem and the group is happy to adopt
  draft-smyslov-ipsecme-ikev2-fragmentation (which solves the same problem
  in a somewhat different fashion).
- The group still prefers IKE-over-TCP and there are committed authors
  to continue work on that draft.

We propose to meet Thursday, May 16, at 9:00am PST (16:00 UTC, 12:00
noon EST, 19:00 Israel) for 1 hour. We will publish a bridge number a
week before the meeting.

Please let us know if the date/time absolutely doesn't work for you.

We welcome and invite discussion of these issues on the mailing list
before the meeting.

Thanks,
Paul and Yaron
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec