Re: [IPsec] IKE fragmentation

Yoav Nir <ynir@checkpoint.com> Wed, 13 March 2013 23:39 UTC

From: Yoav Nir <ynir@checkpoint.com>
To: Paul Wouters <paul@nohats.ca>
Date: Wed, 13 Mar 2013 23:39:34 +0000
Cc: "<ipsec@ietf.org>" <ipsec@ietf.org>, Valery Smyslov <svanru@gmail.com>, Tero Kivinen <kivinen@iki.fi>
Subject: Re: [IPsec] IKE fragmentation

On Mar 13, 2013, at 10:58 AM, Paul Wouters <paul@nohats.ca> wrote:

> On Wed, 13 Mar 2013, Valery Smyslov wrote:
> 
>> Or are you talking about the fictional IETF document (not yet written)
>> describing existing IKEv1 fragmentation? Probably it is better that
>> the authors of that solution document it.
> 
> I don't think any IKEv1 documents will ever be written again? :)

I think that if we make this a working group document, we should add an Appendix that will be informational and describe what people are doing for IKEv1, including the VendorID and the payload identifier "appropriated" for fragments.

When I implemented this I used the source of Wireshark to figure out how the protocol worked. Pretty poor reverse engineering, but it produced something that interoperates.

Yoav