[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TFC in IKEv1

To: vamsi <vamsi@intotoinc.com>
Subject: Re: TFC in IKEv1
From: Stephen Kent <kent@bbn.com>
Date: Thu, 8 Jan 2004 17:59:11 -0500
Cc: ipsec@lists.tislabs.com
In-reply-to: <5.2.0.9.0.20040107150509.04536e98@10.1.5.10>
References: <5.2.0.9.0.20040107150509.04536e98@10.1.5.10>
Sender: owner-ipsec@lists.tislabs.com

At 18:47 -0800 1/7/04, vamsi wrote:
>Hi,
>TFC padding in  the ESPv3 draft states that the SA management 
>protocol must negotiate the TFC service prior to employing the 
>service.
>  Is there any draft  explaining how TFC attribute can be negotiated 
>as part of IKE v1 exchanges?
>Can any one Please share the information how to use TFC (Traffic 
>Flow confidentiality)  in IKEv1?
>
>
>regards
>    vamsi

There is no provision to negotiate this facility in IKEv1, as you 
have noticed. Since the extensions for TFC are in ESPv2, and since we 
anticipate folks who use ESPv2 will also use IKEv2, we have not made 
plans to create a DOI for IKEv1 that defines a suitable extension. 
However, note that one probably could use the ESP TFC conventions 
safely even without negotiation, in many cases.

Steve

References:
- TFC in IKEv1
  - From: vamsi <vamsi@intotoinc.com>

Prev by Date: IKEv1 and multiple SAs ?
Next by Date: length of IV in ESP_NULL cipher
Previous by thread: TFC in IKEv1
Next by thread: I-D ACTION:draft-ietf-ipsec-rfc2401bis-01.txt
Index(es):
- Date
- Thread