[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ipsec] FW: Remaining issues for IKEv2
Folks,
Just to provide a pointer... Section 7 of the current draft of
2401bis contains the 3 options that Steve posted to the list for
handling outgoing fragments on the protected side. The text reflects
changes as best I could figure from the list discussion. Since the
community hasn't yet decided whether options 2 and 3 should be MAY or
SHOULD, the draft says "MAY/SHOULD" for each.
- Option 1 doesn't require any changes to IKEv2 and seems to
be accepted by the community.
- Option 2 requires support for OPAQUE, so IKEv2 would need
to support this value.
- For the Option 3 (stateful fragment checking), we put in the
suggestion from Tero (a new notify message). This would
need IKEv2 support.
Karen
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec