
Re: IKEv2 and NAT traversal



On Wed, 12 Dec 2001, Henry Spencer wrote:
> On 12 Dec 2001, Markus Stenberg wrote:
> > > Since the NAT people insisted on running on the same port using a
> > > terrible hack to get around a number of imaginary problems, frankly, I
> > > think that this is the NAT people's problem.
> > 
> > I'm tired of reiterating the same stupid arguments over and over. See
> > draft-ietf-ipsec-udp-encaps-justification-00.txt section 7.2.
> 
> Perhaps you need to come up with some non-stupid arguments, because
> section 7.2 is pretty feeble justification for such a gut-wrenchingly bad
> design.

Without going into the question of whether the current traversal
draft should go forward as is, could one of the IKEv2 authors comment
on this?

Is there a specific reason why IKEv2 *needs* to break the current
traversal draft?  I don't see a reason myself; why not swap the
order of the cookie (SPI) fields?  (It is actually more common to
have the sender SPI/cookie/port first anyway.)

-Sami



