Re: draft-ietf-ipsec-udp-encaps-00: non-500 ESP encap, 32bits of , i-cookie=0
For NAT traversal, I think it is eminently ideal for the keying and
data streams to share a port. Otherwise you need twice as many
keepalives to keep the NAT mapping happy.
Speaking as the chair of KINK, I'd like to make sure that KINK does
a similar transposition. I can certainly see carrying ESP within
KINK-like UDP messages on the KINK port.
-derek
Henry Spencer <henry@spsystems.net> writes:
> If it is utterly necessary for UDP-ESP and IKE to share a port -- which I
> would argue against -- then that should be deemed a special-case exception
> for historical reasons, and we should avoid promulgating general design
> principles which encourage repeating this mistake. Indeed, we should
> explicitly and loudly recommend *against* repeating this mistake.
>
> Henry Spencer
> henry@spsystems.net
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available