[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: JFK, IKEv2 and ESPUDP

To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Subject: Re: JFK, IKEv2 and ESPUDP
From: Derek Atkins <warlord@mit.edu>
Date: 12 Dec 2001 17:36:36 -0500
Cc: ipsec@lists.tislabs.com
In-Reply-To: Michael Richardson's message of "Wed, 12 Dec 2001 15:04:58 -0700"
References: <200112122205.fBCM50P00660@marajade.sandelman.ottawa.on.ca>
Sender: owner-ipsec@lists.tislabs.com

Michael Richardson <mcr@sandelman.ottawa.on.ca> writes:

>   While I dislike the kludge which is ESPUDP, and I am very saddened that
> it has put constraints on future keying protocols, I believe that we do need
> a solution to ESP getting through NAT. 
> 
>   It also answer the question of what we do with ESPUDP if adopt JFK on a
> port other than 500.
> 
> { I prefer:
>       IPv4/ESP/IPv6/shipworm-UDP/IPv4
> 
>   this devolves to IPv4/ESP/IPv6 when NAT vendors deploy v6 via 6to4, or when
> native IPv6 is available. Putting 6to4 support into gateways is really easy,
> so don't tell me that IPv6 won't be available on many gateways.}

We have a similar issue with KINK -- the answer is that you need
to make room in the keying protocol to transmit ESPoUDP data within
the "keying" stream.

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available

References:

JFK, IKEv2 and ESPUDP

From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Re: I-D ACTION:draft-ietf-ipsec-ciph-sha-256-00.txt
Next by Date: Re: I-D ACTION:draft-ietf-ipsec-ciph-sha-256-00.txt
Prev by thread: JFK, IKEv2 and ESPUDP
Next by thread: fragmentation
Index(es):
- Main
- Thread