
Re: question about draft-ietf-ipsec-nat-t-ike-07





Tero Kivinen wrote:

> latten@austin.ibm.com writes:
> > In draft-ietf-ipsec-nat-t-ike-07.txt, section 3.1, there is mention
> > of vendor ID payload to be passed in Phase 1, but it is not defined
> > in the draft nor in rfc 2409.
>
> The actual vendor ID value will be added when the final RFC number
> of the document is known, i.e. it will be the MD5 hash of the text
> "RFC XXXX", where the XXXX is the actual RFC number of the
> draft-ietf-ipsec-nat-t-ike-07.txt document.
>
> > I found mention of it in the draft for ikev2, and just want to be
> > sure that the VID payload mentioned in this ikev2 draft is the same
> > one to be passed in Phase 1 for ikev1 for NAT-T.
>
> The IKEv2 protocol does NOT have a vendor ID for NAT-T. The vendor ID is
> needed in IKEv1 to see if the other end supports NAT detection
> payloads. In IKEv2 this is not needed, as the NAT detection
> payloads are notifications, and all IKEv2 implementations MUST ignore
> unknown status notifications.
>

Question about NAT-T with v2. I read the v2 RFC; my impression is that it does not allow
sending or processing notification messages until the peer is authenticated. It also means
that we can only send or process Notify messages after the 4th message. It seems we
should send NAT-D in msg #1 and #2; is that against the ikev2 protocol? Or is there some
selection of Notification messages that is allowed before the 4th message?

Tom

>
> > A while back someone asked about the IPR claim for draft-ietf-ipsec-nat-t-ike
> > and draft-ietf-ipsec-udp-encaps, because they were interested in
> > implementing.  I was wondering if there was any new info on this claim
> > or exactly what pieces of the technology are being claimed.
> > See http://www.ietf.org/ietf/IPR/MICROSOFT-NAT-Traversal.txt
>
> I haven't received any more information about that, even though I tried
> to ask Microsoft.
> --
> kivinen@ssh.fi
> SSH Communications Security                  http://www.ssh.fi/
> SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
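
The IKEv1 vendor ID check discussed in this thread, as an added example that is not part of the original messages or of any implementation mentioned in them: it walks the ISAKMP payload chain of an unencrypted Phase 1 message with length validation and looks for a Vendor ID payload equal to the MD5 of the identifying text. The text is kept as the thread's placeholder "RFC XXXX"; the function names and the sample messages are constructed for illustration.

```python
import hashlib
import struct

HDR_LEN = 28          # fixed ISAKMP header length (RFC 2408)
SA, VID = 1, 13       # ISAKMP payload types: Security Association, Vendor ID
# Placeholder: the thread gives the text only as "RFC XXXX" (number not yet assigned).
NAT_T_TEXT = b"RFC XXXX"

def nat_t_vid(text=NAT_T_TEXT):
    """Vendor ID value as described in the thread: MD5 of the identifying text."""
    return hashlib.md5(text).digest()

def vendor_ids(msg):
    """Return the body of every Vendor ID payload in an unencrypted IKEv1 message."""
    if len(msg) < HDR_LEN:
        raise ValueError("truncated ISAKMP header")
    (total,) = struct.unpack_from("!I", msg, 24)
    if total != len(msg):
        raise ValueError("header length does not match datagram")
    kind, off, found = msg[16], HDR_LEN, []
    while kind != 0:                      # 0 means no further payload
        if off + 4 > total:
            raise ValueError("truncated payload header")
        nxt, _reserved, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > total:
            raise ValueError("bad payload length")
        if kind == VID:
            found.append(msg[off + 4:off + plen])
        kind, off = nxt, off + plen
    return found

def peer_supports_nat_t(msg):
    """True if the peer sent the NAT-T vendor ID, so NAT detection payloads may follow."""
    return nat_t_vid() in vendor_ids(msg)

def build_message(payloads):
    """Constructed sample: ISAKMP header (zero cookies) plus (type, body) payloads."""
    body = b""
    for i, (_, data) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", nxt, 0, 4 + len(data)) + data
    first = payloads[0][0] if payloads else 0
    # version 1.0, exchange type 2 (Identity Protection, i.e. main mode)
    hdr = bytes(16) + struct.pack("!BBBBII", first, 0x10, 2, 0, 0, HDR_LEN + len(body))
    return hdr + body

OTHER_VID = hashlib.md5(b"constructed unrelated vendor").digest()
WITH_NAT_T = build_message([(SA, bytes(8)), (VID, OTHER_VID), (VID, nat_t_vid())])
WITHOUT_NAT_T = build_message([(SA, bytes(8)), (VID, OTHER_VID)])
```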