Re: [IPsec] IPsecME virtual interim meeting (revised date)

"Valery Smyslov" <svanru@gmail.com> Tue, 07 May 2013 13:18 UTC

To: Yoav Nir <ynir@checkpoint.com>
Cc: IPsecme WG <ipsec@ietf.org>

Hi Yoav,

> I agree with your conclusion (that we should do an IKE fragment thing, 
> maybe based on your draft).
>
> However, 2 comments:
>
>  1. You can never know if anything is IPR free. At best you can say that 
> nobody has said anything yet.

Yes, I agree. I only meant that neither I nor my company claimed IPR.
Of course, somebody might have claimed IPR for a similar approach before.

>  2. IKE over TCP has worked for over 10 years in my company's products and 
> worked well. So the details can be ironed out.

Of course, although from my understanding IKE over TCP for IKEv2 will have 
more issues to iron out than for IKEv1...

> The reason we abandoned this technology is that the broken SOHO devices
> began to not only drop fragments, but to also drop anything that wasn't
> TCP to a specific group of ports. IKE-over-TCP could not solve this issue.

Unfortunately, IKE fragmentation couldn't solve this either...