
Re: IKEv2 and NAT traversal



Jayant Shukla wrote:
> Very interesting! This is the approach that I had proposed @ San Diego.
> Essentially you can take two* approaches to solving the NAT problem.
> First approach is to prevent the NATs from modifying the part of the
> packet that you care about. The second approach is to let NATs modify
> the packet and just reverse the effect of NATs at the receiver.
> 
> ESP-UDP is the former approach and ours is the latter approach.

There are some things that one should stay away from, but I just
can't resist.. SSH already has a patent (application?) for that latter
approach as well. I don't have the number right now, but it was applied
for in Finland, and some years back. I seem to remember that it was granted.
I just mention this because you said you had some patent application..

Purely technically, my view is that ignoring NAT effects is simpler than
trying to compensate. It's also quite sufficient to solve the problem.

> The way we have designed the solution, you don't need any modifications
> to IKE. Our solution is a more general NAT traversal solution, and
> non-IPsec people can also use it. The solution is ready and hopefully we
> will be ready to release it by March-April 2002. 

This WG is about making interoperable protocols. Why would the release
date of your company's product be significant?

Ari

-- 
"They that can give up essential liberty to obtain a little 
temporary safety deserve neither liberty nor safety." - Benjamin Franklin

Ari Huttunen                   phone: +358 9 2520 0700
Software Architect             fax  : +358 9 2520 5001

F-Secure Corporation       http://www.F-Secure.com 

F(ully)-Secure products: Securing the Mobile Enterprise

