
Re: IKEv2:limitation of 4k for UDP payload



You are right that, unless some text is present either as SHOULD or MUST and clarification text indicating how TCP can be used, then there would be interoperability problems. Since it is not well defined, I am going ahead with IKEv2 implementation using UDP.

Thank you for your answers.

Yoav Nir wrote:

>That Check Point implements it is nice, if you have a Check Point client.
>This does not add interoperability, which is the main concern of the IKE
>document.
>
>I don't think we can standardize on TCP as a MUST requirement, because many
>TCP stacks are vulnerable to DoS attacks. It would be nice, though, to have
>an optional IKE over TCP.
>
>-----Original Message-----
>From: owner-ipsec@lists.tislabs.com
>[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Vinay K Nallamothu
>Sent: Thursday, March 27, 2003 8:07 AM
>To: Ravi
>Cc: ipsec@lists.tislabs.com
>Subject: Re: IKEv2:limitation of 4k for UDP payload
>
>
>On Wed, 2003-03-26 at 19:12, Ravi wrote:
>
>>
>>and why UDP is chosen for IKE over TCP.
>>
>
>Just rewording one of the earlier discussions:
>
>One of the design requirements is transport protocol independence
>because of which IKE cannot assume about the reliable streaming
>capabilities of the transport layer such as TCP. This seems to be the
>reason why UDP was chosen over TCP.
>
>But this does not stop from implementing IKE over TCP. In fact few
>implementations already do this. For e.g: Check Point FW-1 NG FP3
>
>You can find the original discussion at
>http://www.sandelman.ottawa.on.ca/ipsec/1999/05/msg00014.html
>
>vinay
>
>
>

--
The views presented in this mail are completely mine. The company is not responsible for whatsoever.
----------
Ravi Kumar CH
Rendezvous On Chip (i) Pvt Ltd
Hyderabad, India
Ph: +91-40-2335 1214 / 1175 / 1184
ROC home page