On May 16, 2013, at 9:57 AM, Yaron Sheffer <yaronf.i...@gmail.com> wrote:
> Hi, > > As promised, we just had a virtual interim meeting to discuss IKEv2 > fragmentation. Please see the minutes below (thanks Paul!). > > Following up on this meeting, we would like to confirm the decision on the > mailing list: > > - The group still thinks this is an important problem that needs an > interoperable solution. > - We would like to abandon the work on IKE-over-TCP. > - And to work on IKEv2 protocol-level fragmentation, using > draft-smyslov-ipsecme-ikev2-fragmentation as a starting point. > > Please send your approval, disapproval or comments to the list within a week > (until May 23). I approve. [snip] > Yaron: do we want to stay with the current TCP-based solution? > Brian: might be running on sensors that don't have a TCP stack Someone made this comment, but it wasn't me. I did mention that the current TCP-based solution has the advantage of only re-sending the missing TCP segment, whereas current and proposed UDP-based fragmentation solutions re-send all packet fragments. That could be valuable for a VPN gateway with many peers with a lossy network. But that doesn't seem enough of a justification to stay with the current TCP-based solution. Brian _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
