Re: [IPsec] IPsecME virtual meeting minutes, and way forward with fragmentation
+1 Kind Regards, Raj -Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Brian Weis (bew) Sent: Friday, May 17, 2013 5:25 AM To: Yaron Sheffer Cc: IPsecme WG Subject: Re: [IPsec] IPsecME virtual meeting minutes, and way forward with fragmentation On May 16, 2013, at 9:57 AM, Yaron Sheffer yaronf.i...@gmail.com wrote: Hi, As promised, we just had a virtual interim meeting to discuss IKEv2 fragmentation. Please see the minutes below (thanks Paul!). Following up on this meeting, we would like to confirm the decision on the mailing list: - The group still thinks this is an important problem that needs an interoperable solution. - We would like to abandon the work on IKE-over-TCP. - And to work on IKEv2 protocol-level fragmentation, using draft-smyslov-ipsecme-ikev2-fragmentation as a starting point. Please send your approval, disapproval or comments to the list within a week (until May 23). I approve. [snip] Yaron: do we want to stay with the current TCP-based solution? Brian: might be running on sensors that don't have a TCP stack Someone made this comment, but it wasn't me. I did mention that the current TCP-based solution has the advantage of only re-sending the missing TCP segment, whereas current and proposed UDP-based fragmentation solutions re-send all packet fragments. That could be valuable for a VPN gateway with many peers with a lossy network. But that doesn't seem enough of a justification to stay with the current TCP-based solution. Brian ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] IPsecME virtual meeting minutes, and way forward with fragmentation
On May 17, 2013, at 2:54 AM, Brian Weis b...@cisco.com wrote: [snip] Yaron: do we want to stay with the current TCP-based solution? Brian: might be running on sensors that don't have a TCP stack Someone made this comment, but it wasn't me. That was Daniel. Yoav ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] IPsecME virtual meeting minutes, and way forward with fragmentation
yes, that was me. Daniel On 05/17/2013 10:08 AM, Yoav Nir wrote: On May 17, 2013, at 2:54 AM, Brian Weis b...@cisco.com wrote: [snip] Yaron: do we want to stay with the current TCP-based solution? Brian: might be running on sensors that don't have a TCP stack Someone made this comment, but it wasn't me. That was Daniel. Yoav ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] IPsecME virtual meeting minutes, and way forward with fragmentation
On Thu, 16 May 2013, Yaron Sheffer wrote: As promised, we just had a virtual interim meeting to discuss IKEv2 fragmentation. Please see the minutes below (thanks Paul!). Following up on this meeting, we would like to confirm the decision on the mailing list: - The group still thinks this is an important problem that needs an interoperable solution. - We would like to abandon the work on IKE-over-TCP. - And to work on IKEv2 protocol-level fragmentation, using draft-smyslov-ipsecme-ikev2-fragmentation as a starting point. Sorry I missed the meeting. I approve of the conclusions reached. Paul ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] IPsecME virtual meeting minutes, and way forward with fragmentation
Hi, I approved the conclusion. Regards, Valery. - The group still thinks this is an important problem that needs an interoperable solution. - We would like to abandon the work on IKE-over-TCP. - And to work on IKEv2 protocol-level fragmentation, using draft-smyslov-ipsecme-ikev2-fragmentation as a starting point. Please send your approval, disapproval or comments to the list within a week (until May 23). ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] IPsecME virtual meeting minutes, and way forward with fragmentation
+1 On May 16, 2013, at 10:43 PM, Valery Smyslov sva...@gmail.com wrote: Hi, I approved the conclusion. Regards, Valery. - The group still thinks this is an important problem that needs an interoperable solution. - We would like to abandon the work on IKE-over-TCP. - And to work on IKEv2 protocol-level fragmentation, using draft-smyslov-ipsecme-ikev2-fragmentation as a starting point. Please send your approval, disapproval or comments to the list within a week (until May 23). ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] IPsecME virtual meeting minutes, and way forward with fragmentation
On May 16, 2013, at 9:57 AM, Yaron Sheffer yaronf.i...@gmail.com wrote: Hi, As promised, we just had a virtual interim meeting to discuss IKEv2 fragmentation. Please see the minutes below (thanks Paul!). Following up on this meeting, we would like to confirm the decision on the mailing list: - The group still thinks this is an important problem that needs an interoperable solution. - We would like to abandon the work on IKE-over-TCP. - And to work on IKEv2 protocol-level fragmentation, using draft-smyslov-ipsecme-ikev2-fragmentation as a starting point. Please send your approval, disapproval or comments to the list within a week (until May 23). I approve. [snip] Yaron: do we want to stay with the current TCP-based solution? Brian: might be running on sensors that don't have a TCP stack Someone made this comment, but it wasn't me. I did mention that the current TCP-based solution has the advantage of only re-sending the missing TCP segment, whereas current and proposed UDP-based fragmentation solutions re-send all packet fragments. That could be valuable for a VPN gateway with many peers with a lossy network. But that doesn't seem enough of a justification to stay with the current TCP-based solution. Brian ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec