Hi Valery,
On Wed, November 7, 2012 10:18 pm, Valery Smyslov wrote:
> Hi Dan,
>
> I suspect the IKEv3 in its current form is susceptible to very simple DoS
> attack.
> Suppose we have Alice, Bob and Malory. Alice wants to communicate with
> Bob,
> Malory wants to not allow her to do it. For thi
Hi Dan,
I suspect the IKEv3 in its current form is susceptible to very simple DoS
attack.
Suppose we have Alice, Bob and Malory. Alice wants to communicate with Bob,
Malory wants to not allow her to do it. For this Malory sends INIT packet to
Bob
pretending to be Alice (this packet may have fa
(dbrownhi)
Cc: Dan Harkins; ipsec@ietf.org
Subject: RE: [IPsec] New I-D on IKEv3
Hi David,
On Wed, October 17, 2012 11:36 am, David Brownhill (dbrownhi) wrote:
> Hi Dan,
>
> The lack or EAP authentication would be a non-starter for us to
> implement this in our remote access VPN
On Oct 18, 2012, at 2:26 AM, Dan Harkins wrote:
>
> Hi David,
>
> On Wed, October 17, 2012 11:36 am, David Brownhill (dbrownhi) wrote:
>> Hi Dan,
>>
>> The lack or EAP authentication would be a non-starter for us to implement
>> this in our remote access VPN client. Why not support EAP authe
emote access VPN client. Why not support EAP
>> authentication?
>>
>> Regards,
>> David
>>
>> -Original Message-
>> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf
>> Of Dan Harkins
>> Sent: Friday, October 12, 201
ted in using with EAP?
Dan.
> Regards,
> David
>
> -Original Message-
> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of
> Dan Harkins
> Sent: Friday, October 12, 2012 7:02 PM
> To: ipsec@ietf.org
> Subject: [IPsec] New I-D on IKEv3
>
&
02 PM
> To: ipsec@ietf.org
> Subject: [IPsec] New I-D on IKEv3
>
>
> Hello,
>
> I just submitted a new I-D that defines version 3 of IKE. The goals of this
> draft are to make a more easily understood, and simpler protocol that has a
> high degree of probability of achiev
: Friday, October 12, 2012 7:02 PM
To: ipsec@ietf.org
Subject: [IPsec] New I-D on IKEv3
Hello,
I just submitted a new I-D that defines version 3 of IKE. The goals of this
draft are to make a more easily understood, and simpler protocol that has a
high degree of probability of achieving
Hi Paul,
On Sat, October 13, 2012 2:35 pm, Paul Wouters wrote:
> On Fri, 12 Oct 2012, Dan Harkins wrote:
>
>> Subject: [IPsec] New I-D on IKEv3
>
> Some remarks
>
> - stateless IKE
>
> I like not dealing with lingering IKE SA's, but how to tell if a
> con
On Sat, Oct 13, 2012 at 4:35 PM, Paul Wouters wrote:
> On Fri, 12 Oct 2012, Dan Harkins wrote:
> - I'm still not a fan of narrowing, see my earlier comments on ipsecme.
> It destroys the concept of a tunnel being "up" or "down". If you
> insist on narrowing, clearly state what should happen fo
On Fri, 12 Oct 2012, Dan Harkins wrote:
Subject: [IPsec] New I-D on IKEv3
Some remarks
- stateless IKE
I like not dealing with lingering IKE SA's, but how to tell if a
connection is dead? idletime on the IPsec SA? How to do DPD?
When a roadwarrior pops up at IP A, and then at IP B
Hello,
I just submitted a new I-D that defines version 3 of IKE. The goals of
this draft are to make a more easily understood, and simpler protocol
that has a high degree of probability of achieving interoperability. It
should be easier to read, easier to understand, and easier to implement.
12 matches
Mail list logo