Hello!
I've updated IKEv3 and the new version has been posted (see below).
Major changes are:
* support for NAT-T (which is different than the way it was done in
prior versions of IKE, please take a look at it).
* addressing the MiTM attack Valery Smyslov brought up on the list.
* allowing more than one IKE SA per peer (which was kind of necessary
to support NATs).
I look forward to hearing any comments or issues people have with
this protocol. As usual, if you plan on implementing it and would like
to interoperate I'd love to hear from you.
regards,
Dan.
----------------------------------------------------------
A new version of I-D, draft-harkins-ikev3-01.txt
has been successfully submitted by Dan Harkins and posted to the
IETF repository.
Filename: draft-harkins-ikev3
Revision: 01
Title: The (Real) Internet Key Exchange
Creation date: 2013-04-12
Group: Individual Submission
Number of pages: 43
URL:
http://www.ietf.org/internet-drafts/draft-harkins-ikev3-01.txt
Status: http://datatracker.ietf.org/doc/draft-harkins-ikev3
Htmlized: http://tools.ietf.org/html/draft-harkins-ikev3-01
Diff: http://www.ietf.org/rfcdiff?url2=draft-harkins-ikev3-01
Abstract:
The current version (v2) of the Internet Key Exchange failed to
address many of the shortcomings of the original version (v1). This
memo defines a new version (v3) of the Internet Key Exchange that
attempts to do so.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
