[IPsec] EAP AKA on USIM

2012-03-06 Thread Prashant Batra (prbatra)
Hello, Not sure if this is the right place to ask this, but I am not getting any other mailing list. Can someone point me to a software implementation of EAP-AKA algorithm (calculation of IK/CK/RES/MAC) on USIM, when the SIM gets an EAP-Challenge request. Thanks,

Re: [IPsec] query related to rekey

2012-01-20 Thread Prashant Batra (prbatra)
-Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Nico Williams Sent: Saturday, January 21, 2012 3:10 AM To: Prashant Batra (prbatra) Cc: ipsec@ietf.org Subject: Re: [IPsec] query related to rekey On Fri, Jan 20, 2012 at 3:10 PM, Prashant

Re: [IPsec] query related to rekey

2012-01-20 Thread Prashant Batra (prbatra)
-Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Nico Williams Sent: Saturday, January 21, 2012 2:19 AM To: Prashant Batra (prbatra) Cc: ipsec@ietf.org Subject: Re: [IPsec] query related to rekey On Fri, Jan 20, 2012 at 2:18 PM, Prashant Batra

[IPsec] query related to rekey

2012-01-20 Thread Prashant Batra (prbatra)
Hi, Section 2.8 of rfc-5996 states handling for rekeying. The text- From a technical correctness and interoperability perspective, the responder MAY begin sending on an SA as soon as it sends its response to the CREATE_CHILD_SA request. In some situations, however, this could res

[IPsec] collision during initial exchange - RFC 5996

2011-12-16 Thread Prashant Batra (prbatra)
Hi, I have a question on possible collision that can occur during initial exchange (INIT). If two peers send INIT_REQ at the same time, maybe because of some data which matches the traffic_selector on both the peers, how a peer should decide whether it has to drop the request and wait for

Re: [IPsec] Contradiction in RFC5996

2011-11-25 Thread Prashant Batra (prbatra)
Hi, I think that’s fine. You are correct. I re-read the section. Regards, Prashant -Original Message- From: Prashant Batra (prbatra) Sent: Friday, November 25, 2011 6:09 PM To: 'Valery Smyslov'; ipsec@ietf.org Subject: RE: [IPsec] Contradiction in RFC5996 Still I think n

Re: [IPsec] Contradiction in RFC5996

2011-11-25 Thread Prashant Batra (prbatra)
. Regards, Prashant -Original Message- From: Valery Smyslov [mailto:sva...@gmail.com] Sent: Friday, November 25, 2011 6:42 PM To: Prashant Batra (prbatra); ipsec@ietf.org Subject: Re: [IPsec] Contradiction in RFC5996 The question is: what should SPI field of a CHILD_SA_NOT_FOUND notification

Re: [IPsec] Contradiction in RFC5996

2011-11-25 Thread Prashant Batra (prbatra)
, Prashant -Original Message- From: Valery Smyslov [mailto:sva...@gmail.com] Sent: Friday, November 25, 2011 5:13 PM To: Prashant Batra (prbatra); ipsec@ietf.org Subject: Re: [IPsec] Contradiction in RFC5996 Yes, paragraph 3.10 gives a generic rule, that SPI field in Notify Payload must refer to

Re: [IPsec] Contradiction in RFC5996

2011-11-25 Thread Prashant Batra (prbatra)
No, in my understanding, we should not send SPI value in Notify payload telling CHILD_SA_NOT_FOUND. As the SPI sent by the initiator of rekey has sent wrong SPI, which the responder doesn't have. Thus, first paragraph states correctly. Thanks, Prashant -Original Message- From: ipsec-boun.

[IPsec] IPSec processing in linux kernel acting as a gateway

2011-11-17 Thread Prashant Batra (prbatra)
Hello, One basic question related to IPSec processing on gateway. I have established IPSec tunnels between two gateway (gw1 and gw2). On gw1 I am using Linux kernel IPSec (a normal linux server which will act as gateway). The SPD and SAD database on gw1 is- gw1#ip xfrm policy src 172.16.

Re: [IPsec] eap-md5 based authentication

2011-10-25 Thread Prashant Batra (prbatra)
best suited auth mechanisms for a particular client. Regards, Prashant -Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Yoav Nir Sent: Tuesday, October 25, 2011 5:59 PM To: Prashant Batra (prbatra); Glen Zorn Cc: ipsec@ietf.org Subject: Re: [IPsec

Re: [IPsec] eap-md5 based authentication

2011-10-25 Thread Prashant Batra (prbatra)
ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Glen Zorn Sent: Tuesday, October 25, 2011 3:46 PM To: Yoav Nir Cc: ipsec@ietf.org; Prashant Batra (prbatra) Subject: Re: [IPsec] eap-md5 based authentication On 10/25/2011 3:35 PM, Yoav Nir wrote: > Hi Prashant. > >

[IPsec] eap-md5 based authentication

2011-10-24 Thread Prashant Batra (prbatra)
Hello, I am facing some problem in calculating md5-challenge response. What I am doing is simply MD5(Identifier | | ). The challenge response is somehow wrong. Is it correct to say that Challenge value used as input to md5 is the same value what is in the EAP payload (type md5-challenge

Re: [IPsec] Multiple Child-SA in a single exchange

2011-08-30 Thread Prashant Batra (prbatra)
sec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Tero Kivinen Sent: Tuesday, August 30, 2011 3:27 PM To: Prashant Batra (prbatra) Cc: ipsec@ietf.org Subject: [IPsec] Multiple Child-SA in a single exchange Prashant Batra (prbatra) writes: > If the user knows that it has to esta

[IPsec] Multiple Child-SA in a single exchange

2011-08-29 Thread Prashant Batra (prbatra)
Hello, The Ikev2 protocol seems to be very flexible in sending payloads in the messages. We can specify multiple proposals of same protocol or of different protocol (AH/ESP) in SA payload. We can also specify multiple traffic selectors in the TS payload. But all this will result in one IPsec

Re: [IPsec] IKEv2 for load-sharing

2011-08-28 Thread Prashant Batra (prbatra)
seems redundant. If you or the group can appreciate this, I can think and come up with some ideas. Regards, Prashant -Original Message- From: Paul Hoffman [mailto:paul.hoff...@vpnc.org] Sent: Saturday, August 27, 2011 12:16 AM To: Prashant Batra (prbatra) Cc: ipsec@ietf.org Subject: Re: [

[IPsec] IKEv2 for load-sharing

2011-08-26 Thread Prashant Batra (prbatra)
Hello, RFC-4555 (IKEv2 Mobility and Multihoming Protocol (MOBIKE)) defines the extension of IKEv2 to support mobile users to offer seamless services when connected using IPSec and also the support for SCTP multi-homing in override mode. To support a load-share model for SCTP(2 associations

[IPsec] IPSec implementation query.

2011-08-17 Thread Prashant Batra (prbatra)
Hello, IPSec in linux kernel doesn't seem to work with packets sent from RAW socket. I think this is as per the design of RAW socket, that they bypass the transport layer. But as they enter the core IP layer, and there is a policy to protect, they should get protected. But this does not ha

Re: [IPsec] DH keys calculation performance

2011-07-26 Thread Prashant Batra (prbatra)
From: Yaron Sheffer [mailto:yaronf.i...@gmail.com] Sent: Tuesday, July 26, 2011 4:47 PM To: Yoav Nir Cc: Prashant Batra (prbatra); ipsec@ietf.org Subject: Re: [IPsec] DH keys calculation performance You might want to review http://tools.ietf.org/html/rfc5996#section-2.12. Also, session

[IPsec] DH keys calculation performance

2011-07-25 Thread Prashant Batra (prbatra)
Hello, The DH exchange (Calculation of Public/Private key and the Secret) in IKEV2 Initial exchange seems to be very expensive. This is slowing down the overall IKEv2 tunnel establishment. Is there a way to optimize it? Regards, Prashant

Re: [IPsec] Query regarding IKE_SA_AUTH response

2011-04-27 Thread Prashant Batra (prbatra)
the same on receiving AUTHENTICATION FAILED alone. Regards, Prashant From: Scott C Moonen [mailto:smoo...@us.ibm.com] Sent: Wednesday, April 27, 2011 5:54 PM To: Prashant Batra (prbatra) Cc: ipsec@ietf.org; ipsec-boun...@ietf.org Subject: Re: [IPsec] Query regarding IKE_SA_AUTH

[IPsec] Query regarding IKE_SA_AUTH response

2011-04-27 Thread Prashant Batra (prbatra)
Hi, I have 2 doubts regarding IKEv2, 1) If in IKE_AUTH request message initiator sends an ID_R payload (optional) specifying a particular peer identity, and the responder sends some different identity in the ID_R payload, what should be the behavior? Should we send an AUTHENTICATION failure message