On May 7, 2013, at 4:18 PM, Valery Smyslov
wrote:
>
>
>> The reason > we abandoned this technology is that the broken SOHO devices
>> began to not only drop fragments, but to also
>> drop anything that wasn't TCP to a specific group of ports. IKE-over-TCP
>> could not solve this issue.
>
>
Hi Yoav,
I agree with your conclusion (that we should do an IKE fragment thing,
maybe based on your draft).
However, 2 comments:
1. You can never know if anything is IPR free. At best you can say that
nobody has said anything yet.
Yes, I agree. I only meant that neither I, nor my company
Hi Valery.
I agree with your conclusion (that we should do an IKE fragment thing, maybe
based on your draft).
However, 2 comments:
1. You can never know if anything is IPR free. At best you can say that nobody
has said anything yet.
2. IKE over TCP has worked for over 10 years in my company
Hi alll,
before the meeting I'd like to express some thoughts about the topic.
First, I think this is a very important problem. Untill we implemented
IKE fragmentation, many of our "road warrior" customers complained that
they couldn't use IPsec from public places, like hotels, restaraunts etc.
Dear IPsec folks,
The ipsecme working group is chartered to come up with a solution for
transporting long IKEv2 messages over networks that do not perform IP
fragmentation correctly, and as a result drop overly long messages,
usually IKE_AUTH messages.
Our original plan was to base the solut