
Re: draft-ietf-ipsec-udp-encaps-00: non-500 ESP encap, 32bits of , i-cookie=0



For NAT traversal, I think it is eminently ideal for the keying and
data streams to share a port.  Otherwise you need twice as many
keepalives to keep the NAT mapping happy.

Speaking as the chair of KINK, I'd like to make sure that KINK does
a similar transposition.  I can certainly see carrying ESP within
KINK-like UDP messages on the KINK port.

-derek

Henry Spencer <henry@spsystems.net> writes:

> If it is utterly necessary for UDP-ESP and IKE to share a port -- which I
> would argue against -- then that should be deemed a special-case exception
> for historical reasons, and we should avoid promulgating general design
> principles which encourage repeating this mistake.  Indeed, we should
> explicitly and loudly recommend *against* repeating this mistake. 
> 
>                                                           Henry Spencer
>                                                        henry@spsystems.net
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

