
JFK, IKEv2 and ESPUDP





  I was going to ask:
    "if we adopt JFK do we need a new ESPUDP draft?"

  Before I could post that message I talked to Angelos. 
  Within the realm of JFK, Angelos said, "run it (JFK) on port 500 if you like"
 
  This makes me happier about JFK.

  While I dislike the kludge which is ESPUDP, and I am very saddened that
it has put constraints on future keying protocols, I believe that we do need
a solution to ESP getting through NAT. 

  It also answers the question of what we do with ESPUDP if we adopt JFK on a
port other than 500.

{ I prefer:
      IPv4/ESP/IPv6/shipworm-UDP/IPv4

  this devolves to IPv4/ESP/IPv6 when NAT vendors deploy v6 via 6to4, or when
native IPv6 is available. Putting 6to4 support into gateways is really easy,
so don't tell me that IPv6 won't be available on many gateways.}

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
  

    

