Re: Draft minutes from the WG meeting

[Ari Huttunen <Ari.Huttunen@xxxxxxxxxxxx>]

Paul Hoffman / VPNC wrote:
> IKEv2 status discussion - Charlie Kaufman
>     New draft in October
>     Changed many things that became controversial:
>         Suites replaced ala carte
>         Went to always 4 messages
>         Simplified traffic selector (no one has complained)
>     Other controversies
>         NAT traversal
>         Tunnel vs. transport negotiation
>         Key sizes and algorithms
>         Legacy auth not covered
>         Revised identity proposal
>     NAT Traversal
>         Not in IKEv1, but now there is a draft
>         Should the new extensions be included in IKEv2?
>     Tunnel vs. transport
>         No negotiation in IKEv2
>         Charlie needs to understand why this is needed
>         If inner and outer IP addresses are the same,
>             MAY use transport

IMHO, NAT traversal is currently unnecessarily complicated.
If we can imagine tweaking some things that we could not tweak
when specifying it for IKEv1, we could make it simpler.
I would myself throw out transport mode, and specify only
tunnel mode for NAT traversal. I would also make IKEv2 always
floated, so we can get rid of the ugly part of changing
a protocol from one port to another.

Ari

--
I play it cool and dig all jive,
 that's the reason I stay alive.
  My motto as I live and learn,
   is dig and be dug in return. <Langston Hughes>

Ari Huttunen                   phone: +358 9 2520 0700
Software Architect             fax  : +358 9 2520 5001

F-Secure Corporation       http://www.F-Secure.com

F(ully)-Secure products: Securing the Mobile Enterprise