[IPsec] IKEv2 in iOS 9 and OS X El Capitan

Tommy Pauly <tpauly@apple.com> Thu, 09 July 2015 21:09 UTC

To: IPsecME WG <ipsec@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/NrJvmPQpZo1kQgXGsIY3JzztbDk>
Cc: Vividh Siddha <vsiddha@apple.com>, Christophe Allie <callie@apple.com>, Delziel Fernandes <delziel@apple.com>

Hello,

I wanted to give an update to the list about some recent improvements to IPsec support in Apple’s operating systems. Apple has released the public betas for iOS 9 and OS X El Capitan today, available at beta.apple.com <http://beta.apple.com/>.

As part of these releases, we have extended support for IKEv2, and have made IKEv2 the default VPN type. Here is a brief summary of what has changed for these releases:

- IKEv2 is now manually configurable for both iOS and OS X, and is now the default VPN type when adding new VPN configurations. We support manual configuration of EAP-MSCHAPv2, EAP-TLS, no-EAP certificate auth, and no-EAP shared secret auth. We also support configuring IKEv2 using a configuration profile, which provides many more options for different authentication types, crypto algorithms, and enabling/disabling features.
- We now enable MOBIKE (RFC 4555) by default
- We now support IKEv2 Message Fragmentation (RFC 7383)
- We now support server redirect (RFC 5685)
- We support suite-B crypto algorithms

I encourage anyone who is interested to download the betas and try out IKEv2! If you have feedback or questions, please send them my way. I’ll also be attending the meeting in Prague.

Best,
Tommy Pauly
Core OS Networking, Apple