Paul Hoffman <paul.hoff...@vpnc.org> wrote:
>> Recently discovered incorrect behavior of ISPs poses a challenge to
>> IKE, whose UDP messages (especially #3 and #4) sometimes get
>> fragmented at the IP level and then dropped by these ISPs. There is
>> interest in solving this issue by allowing transport of IKE over TCP;
>> this is currently implemented by some vendors. The group will
>> standardize such a solution.
I think that we gave up over TCP, and have back to fragmentation inside IKE,
right?
>> The WG will revise the IKEv2 specification with a small number of
>> mandatory tests required for the secure operation of IKEv2 when using
>> elliptic curve cryptography. This work will be based on
>> draft-sheffer-ipsecme-dh-checks.
I think we already completed this?
>> Goals and Milestones:
>>
>> Done - IETF Last Call on large scale VPN use cases and requirements
>> Done - IETF last call on IKE fragmentation solution Done - IETF last
>> call on new mandatory-to-implement algorithms
Seems like we should have more milestones listed.
I'd like to make the puzzle solving work charter.
I imagine that this is a real problem, but I wouldn't mind some data on how
often gateways are being DDoSed.
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
pgpM1Y2GN5Yo_.pgp
Description: PGP signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
