Hello! I've updated IKEv3 and the new version has been posted (see below). Major changes are:
* support for NAT-T (which is different than the way it was done in prior versions of IKE, please take a look at it). * addressing the MiTM attack Valery Smyslov brought up on the list. * allowing more than one IKE SA per peer (which was kind of necessary to support NATs). I look forward to hearing any comments or issues people have with this protocol. As usual, if you plan on implementing it and would like to interoperate I'd love to hear from you. regards, Dan. ---------------------------------------------------------- A new version of I-D, draft-harkins-ikev3-01.txt has been successfully submitted by Dan Harkins and posted to the IETF repository. Filename: draft-harkins-ikev3 Revision: 01 Title: The (Real) Internet Key Exchange Creation date: 2013-04-12 Group: Individual Submission Number of pages: 43 URL: http://www.ietf.org/internet-drafts/draft-harkins-ikev3-01.txt Status: http://datatracker.ietf.org/doc/draft-harkins-ikev3 Htmlized: http://tools.ietf.org/html/draft-harkins-ikev3-01 Diff: http://www.ietf.org/rfcdiff?url2=draft-harkins-ikev3-01 Abstract: The current version (v2) of the Internet Key Exchange failed to address many of the shortcomings of the original version (v1). This memo defines a new version (v3) of the Internet Key Exchange that attempts to do so. _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec