[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKEv2 and NAT traversal

To: "'IP Security List'" <ipsec@lists.tislabs.com>
Subject: RE: IKEv2 and NAT traversal
From: "Jayant Shukla" <jshukla@trlokom.com>
Date: Tue, 18 Dec 2001 18:47:16 -0800
Importance: Normal
In-Reply-To: <3C1F1BD7.3B230861@F-Secure.com>
Sender: owner-ipsec@lists.tislabs.com


> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com 
> [mailto:owner-ipsec@lists.tislabs.com]
> On Behalf Of Ari Huttunen
> 
> There are some things that one should stay away from, but I just can't

> resist.. SSH already has a patent (application?) for that latter 
> approach as well. I don't have the number right now, but it was 
> applied for in Finland, and some years back. I seem to remember that 
> it was granted. I just mention this because you said you had some 
> patent application..
>

There was nothing in my e-mail about the patent application. That e-mail
was about various approaches to solving the NAT problem. If you cannot
resist, then please start a separate thread instead of changing the
direction of the discussion of this thread. 

If SSH approach is same as ours and their patent/application precedes
ours, I will gracefully accept that. 

However, looking at what has been published so far, I very seriously
doubt what they have done is anywhere near us. Anyway all this is
speculation until we see their approach. You have already seen part of
our approach at San Diego and the remainder will be presented at the
next IETF meeting.


> Purely technically, my view is that ignoring NAT effects is simpler 
> than trying to compensate. It's also quite sufficient to solve the 
> problem.
> 

It may seem simpler but has a lot of problems. I did point out the issue
with existing NATs that support IPsec pass thru. Not to mention problems
with other networking protocols and standards. 


> > The way we have designed the solution, you don't need any 
> > modifications to IKE. Our solution is a more general NAT traversal 
> > solution, and non-IPsec people can also use it. The solution is 
> > ready and hopefully we will be ready to release it by March-April 
> > 2002.
> 
> This WG is about making interoperable protocols. Why would the release

> date of your company's product be significant?
> 

The reason is very simple; instead of just describing it in a 10-20 min
talk we want to show it working (in various configurations and with
third party NAT boxes, even the ones with IPsec pass thru). 


Regards,
Jayant

References:

Re: IKEv2 and NAT traversal

From: Ari Huttunen <Ari.Huttunen@f-secure.com>

Prev by Date: RE: IKEv2 traffic selector subsetting.
Next by Date: Re: IKE v2 Requirements and backwards compatability
Prev by thread: Re: IKEv2 and NAT traversal
Next by thread: RE: IKEv2 and NAT traversal
Index(es):
- Main
- Thread