
RE: IKEv2 transport concerns



> At 7:06 PM -0500 12/3/02, Black_David@emc.com wrote:
> >  > >>>>> "Black" == Black David <Black_David@emc.com> writes:
> >>      Black> (1) Any system running IKEv2 is REQUIRED to handle ECN (Explicit
> >>
> >>    I think that this may be misplaced. I think that RFC2401bis is where
> >>  to say this.
> >
> >I think it needs to be in both places.  We have a one-time opportunity
> >to avoid the IKEv1 ECN negotiation kludge if all IKEv2 implementations
> >are REQUIRED to handle ECN correctly at tunnel egress.  IMHO, this
> >outcome is important enough to merit specifying the means of achieving
> >it in both the IKEv2 and RFC2401bis documents.  If we wind up dealing
> >with IKEv2 systems that get this wrong, the negotiation kludge will be
> >with us for much longer ...
> 
> David,
> 
> I don't think the IKE v2 document is the appropriate place to make 
> note of the ECN handling you refer to, since it applies to the 
> actions performed on the child SAs that IKE establishes, not on the 
> IKE SAs, right? It really is a 2401bis matter, I believe.
> 
> Steve

Will 2401bis progress on a timeline that will allow a normative reference
to it from IKEv2?  If so, having IKEv2 say "MUST do ECN right, see 2401bis
for details" would be fine.  I'm concerned that no mention of this at all in
IKEv2 implicitly allows IKEv2 to negotiate 2401classic style tunnel handling
of ECN, and that would be unfortunate.

Thanks,
--David