Hi I've just posted version -01 of the draft, which I think addresses the issues discussed at the F2F in Atlanta:
- Added a port specification to the notification (and so, port agility for when the IKE peer is behind NAT) - Added the notification to the Initiator as well, so that it can advertise its port - Added discussion in section 2.1 about the not using a different transport for the same request with a stateless cookie. - Added advice against sending a stateless cookie in the response to TCP. - Added a NAT considerations section (3.2) As Paul said at the meeting, we will need a couple of more rounds of this, and I believe in publishing often, so keep those comments coming. Yoav Begin forwarded message: From: <internet-dra...@ietf.org<mailto:internet-dra...@ietf.org>> Subject: New Version Notification for draft-ietf-ipsecme-ike-tcp-01.txt Date: December 4, 2012 12:34:04 AM GMT+02:00 To: <y...@checkpoint.com<mailto:y...@checkpoint.com>> A new version of I-D, draft-ietf-ipsecme-ike-tcp-01.txt has been successfully submitted by Yoav Nir and posted to the IETF repository. Filename: draft-ietf-ipsecme-ike-tcp Revision: 01 Title: A TCP transport for the Internet Key Exchange Creation date: 2012-12-04 WG ID: ipsecme Number of pages: 9 URL: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-ike-tcp-01.txt Status: http://datatracker.ietf.org/doc/draft-ietf-ipsecme-ike-tcp Htmlized: http://tools.ietf.org/html/draft-ietf-ipsecme-ike-tcp-01 Diff: http://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-ike-tcp-01 Abstract: This document describes using TCP for IKE messages. This facilitates the transport of large messages over paths where fragments are either dropped, or where packet loss makes the use of large UDP packets unreliable.
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec