[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Ipsec] big IKE packets
Those stupid DSL routers know (sort-of) how to deal with TCP. They can live
with UDP (as long as it does not need fragmentation). They usually drop
ICMP, ESP and AH. I wouldn't trust them to pass SCTP.
-----Original Message-----
From: Francis.Dupont@enst-bretagne.fr
[mailto:Francis.Dupont@enst-bretagne.fr]
Sent: Wednesday, September 01, 2004 1:02 PM
To: Yoav Nir
Cc: 'Michael Richardson'; 'Paul Hoffman / VPNC'; ipsec@lists.tislabs.com;
pki4ipsec@honor.icsalabs.com
Subject: Re: [Ipsec] big IKE packets
In your previous mail you wrote:
Things like hash-and-URL solve one problem, but I think IKE over TCP
is a better solution.
Like any proposal, I guess this too falls into the too-late-for-IKEv2
category, but it still could be submitted as a private draft.
=> if we agree to change UDP for a better protocol, IMHO SCTP is
the best candidate (BTW it was designed for signaling, and IKE is
a signaling protocol).
Regards
Francis.Dupont@enst-bretagne.fr
PS: interaction of IKE over SCTP and MOBIKE should give some fun!
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec