ipsec November 2008 archive

[IPsec] draft-ietf-ipsecme-ikev2-resumption-00.txt ticket location

From: Hui Deng <denghui02_at_nospam>
Date: Tue Nov 18 2008 - 06:07:09 GMT
To: ipsec@ietf.org


Hello, authors,

After reading your draft and rethinking the main issues, I would like to raise one issue about ticket location: there are two problems with sending tickets with all the information to the client:

  1. If the session resumption solution is deployed in a mobile network, it will consume a lot of air-interface cost to request/present/update the ticket. As mobile operators, we prefer not to do that.
  2. As discussed on the list, the packet that sends the ticket may be fragmented. When session resumption happens, a large number of clients may try to present the ticket at the same time. In this case, a bunch of fragmented IP packets will be sent to the gateway. Some equipment (such as mobile network GWs, firewalls, etc.) between the clients and the gateway may be overloaded handling the IP fragments. And some equipment may treat it as a DoS attack and simply drop all the fragmented packets. The most important issue: the wireless base station will be chunked and die.

Thanks for your consideration. Under this consideration, we would like to recommend the solution which could store the ticket information purely on the network side.
Thanks for your consideration.

-Hui



IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec