Hi Tero,
From a gateway perspective, having a standardized implementation from terminals
for TCP encapsulation of IPsec is something which is needed.
The untrusted Wi-Fi architecture defined in 3GPP is used for voice traffic, and
is being deployed by multiple carriers.
The mobile device may be
On Wed, 16 Sep 2015, Yoav Nir wrote:
This draft is proposing both IKE and ESP over the TCP connection, so the
protocol will work in situations where UDP (even with fragmentation at the IKE
rather than IP layer) fails.
We’ve had something like this working with IKEv1 for over 10 years. Many
Hi Paul,
I encourage you to read the new draft, as I believe it addresses many of your
concerns. It covers the potential new vulnerabilities (RST), as well as how to
frame the datagrams in a stream along with an explanation of performance
concerns. It also makes it clear that TCP should only