IKEv2: Remaining Issues - ECNFIX



> In order to meet the challenge set by the Security Area Directors of
> finishing working group last call by February 15th, we intend to give
> Charlie Kaufman editing directions on Tuesday, February 11th.  Hence,
> we encourage people to respond to these issues by close of business on
> Monday, February 10th.  Obviously, minor issues can still be raised
> and fixed during the last call period, but we need to set a stake in the
> ground and make the major fundamental decisions in the next couple of
> days.

I apologize for missing the Tuesday deadline due to a death in my family.

I believe the current ecnfix draft (draft-ietf-ipsec-ikev2-ecnfix-00.txt)
reflects list discussion prior to its submission.  Having seen little
discussion since then, I propose to remove the open issue text
in Section 5.2 of the ecnfix draft and ask that the IKEv2 draft require
the ECN behavior specified in the ecnfix draft for all tunnel-mode SAs
(including NAT-traversal tunnel-mode but not NAT-traversal transport-
mode) negotiated via IKEv2.

On a related note, the current IKEv1 DOI does not specify an
interoperable default encapsulation mode (transport vs. tunnel)
in the absence of negotiation.  The description of the IKEv2
USE-TRANSPORT-MODE notify message type in Section 5.10.1 should
be extended to say that if that notify message is not present
in a request, the resulting SA MUST use tunnel mode in order
to avoid a continuation of this situation.

Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------