Re: [6lo] [IPsec] Diet-ESP

Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 17 February 2015 16:37 UTC

Message-ID: <54E36E1F.60203@gmx.net>
Date: Tue, 17 Feb 2015 17:36:47 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: 6lo@ietf.org, ipsec@ietf.org
References: <CADZyTkkqjSQe1HvMhLqg1g1-bxGc3iXB8kjL81qJgieCwV6h8Q@mail.gmail.com>
In-Reply-To: <CADZyTkkqjSQe1HvMhLqg1g1-bxGc3iXB8kjL81qJgieCwV6h8Q@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/6lo/MSGuZikyYyRr-2o0XTXj_9E6V3U>
Cc: Daniel Migault <mglt.ietf@gmail.com>
Subject: Re: [6lo] [IPsec] Diet-ESP

Daniel,

I understand that you have spent a lot of time writing these
specifications but, as mentioned in the past, I just do not see the need
for this type of standardization activity. Nobody I have spoken with
asks for this functionality.

If there is indeed a need for IPsec ESP use in IoT then I am not sure
that the proposed optimizations are so useful given the impact for
security.

Ciao
Hannes

On 02/17/2015 04:08 AM, Daniel Migault wrote:
> Please find the new version of Diet-ESP, a compressed IPsec/ESP for IoT. We
> have implemented and tested Diet-ESP. Compared to the standard
> IPsec/ESP, Diet-ESP can reduce the networking overhead added to
> unprotected data from 100% to a few percent. I will be happy to present
> these drafts at the next IETF.
> 
> Feel free to make comments!
> 
> The drafts include:
>     1) draft-mglt-6lo-diet-esp-requirements
> <http://datatracker.ietf.org/doc/draft-mglt-6lo-diet-esp-requirements/>:
> lists the requirements for Diet-ESP
>     2) draft-mglt-6lo-aes-implicit-iv
> <http://datatracker.ietf.org/doc/draft-mglt-6lo-aes-implicit-iv/>:
> indicates how to avoid carrying the IV in each ESP packet. It is instead
> generated by each peer. The protocols described in the draft can be
> used with regular IPsec/ESP.
>     3) draft-mglt-6lo-diet-esp
> <http://datatracker.ietf.org/doc/draft-mglt-6lo-diet-esp/> describes the
> core Diet-ESP protocol, that is how to compress/decompress each field
> of the standard IPsec/ESP. Compression is described through a Diet-ESP
> Context.
>     4) draft-mglt-6lo-diet-esp-payload-compression
> <http://datatracker.ietf.org/doc/draft-mglt-6lo-diet-esp-payload-compression/>:
> describes how the clear text can be compressed before encryption. In
> fact, unless IPsec/ESP is used with NULL encryption, the data in the ESP
> packet is encrypted. Encryption makes compression hard to perform.
> Instead, compressing before encrypting can be very efficient. This makes
> it possible to remove UDP/TCP/IP tunnel headers.
>     5) draft-mglt-6lo-diet-esp-context-ikev2-extension
> <http://datatracker.ietf.org/doc/draft-mglt-6lo-diet-esp-context-ikev2-extension/>:
> describes how to negotiate Diet-ESP with IKEv2. In fact this mostly
> results in an agreement on the Diet-ESP Context. This exchange may then
> be extended to the Diet-HIP Exchange.
> 
> BR,
> Daniel
> -- 
> Daniel Migault
> Orange Labs -- Security
> +33 6 70 72 69 58
> 
> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
>
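Editor's note: the following is an added illustration, not code from the Diet-ESP drafts or from Daniel's implementation, of two of the compression ideas listed above and of the receiver-side checks that the "impact for security" Hannes raises comes down to. It models the implicit IV (a counter-derived AEAD nonce that is only safe while the sequence number never repeats under one key) and sequence-number compression (sending only the low bits and reconstructing the full 64-bit counter from anti-replay state, as ESN already does for the high 32 bits). The field sizes, the 4-byte trailer alignment, the DietContext shape and the 8-bit sequence number of the compressed context are assumptions of this example, not the drafts' wire format; encryption and ICV computation are left out.

```python
"""Added example: ESP header overhead under a compression context, an
implicit IV derived from the sequence number, and reconstruction of a
compressed sequence number with replay checks.  Assumed constants: 8-byte
IV field, 16-byte ICV, 4-byte trailer alignment (not taken from the drafts)."""
import struct
from dataclasses import dataclass

ESN_MAX = 1 << 64  # 64-bit extended sequence number


@dataclass(frozen=True)
class DietContext:
    """Per-SA agreement on which ESP fields are elided (assumed shape)."""
    spi_len: int = 4        # 0 when only one SA can arrive on this link
    seq_len: int = 4        # bytes of sequence number sent on the wire
    implicit_iv: bool = False
    trailer_len: int = 2    # Pad Length + Next Header; 0 when the context fixes both
    align: int = 4          # trailer alignment the cipher requires
    icv_len: int = 16


STANDARD = DietContext()
DIET = DietContext(spi_len=0, seq_len=1, implicit_iv=True, trailer_len=0, align=1)


def esp_overhead(payload_len: int, ctx: DietContext) -> int:
    """Bytes ESP adds to payload_len bytes of plaintext under ctx."""
    pad = (-(payload_len + ctx.trailer_len)) % ctx.align
    iv = 0 if ctx.implicit_iv else 8
    return ctx.spi_len + ctx.seq_len + iv + pad + ctx.trailer_len + ctx.icv_len


def implicit_iv(esn: int) -> bytes:
    """8-byte IV derived from the 64-bit sequence number (assumed encoding).

    A counter-derived nonce is only safe while the counter never repeats
    under the same key, so exhaustion must trigger a rekey, never a wrap."""
    if not 0 <= esn < ESN_MAX:
        raise ValueError("sequence number exhausted: rekey the SA")
    return struct.pack(">Q", esn)


def compress_seq(esn: int, ctx: DietContext) -> bytes:
    """Sender side: keep only the low seq_len bytes of the counter."""
    return esn.to_bytes(8, "big")[-ctx.seq_len:]


class SeqReceiver:
    """Rebuilds full sequence numbers from their low bits and enforces
    anti-replay; without this the compressed counter, and any IV derived
    from it, would let an attacker replay or force nonce reuse."""

    def __init__(self, ctx: DietContext, window: int = 32):
        self.modulus = 1 << (8 * ctx.seq_len)
        self.mask = self.modulus - 1
        # A gap of modulus/2 or more cannot be told apart from reordering,
        # so the replay window must stay well below it.
        if window >= self.modulus // 2:
            raise ValueError("replay window too large for the compressed counter")
        self.window = window
        self.top = -1       # highest accepted counter; -1 before the first packet
        self.seen = set()   # accepted counters still inside the window

    def accept(self, wire: bytes) -> int:
        low = int.from_bytes(wire, "big")
        expected = self.top + 1
        base = (expected & ~self.mask) | low
        # The full counter is the candidate closest to the next expected
        # value; this covers both wrap of the low bits and reordering.
        candidates = [c for c in (base - self.modulus, base, base + self.modulus)
                      if 0 <= c < ESN_MAX]
        esn = min(candidates, key=lambda c: abs(c - expected))
        if esn <= self.top - self.window:
            raise ValueError(f"sequence number {esn} is outside the replay window")
        if esn in self.seen:
            raise ValueError(f"replayed sequence number {esn}")
        self.seen.add(esn)
        if esn > self.top:
            self.top = esn
            self.seen = {s for s in self.seen if s > esn - self.window}
        return esn


if __name__ == "__main__":
    for n in (2, 40, 200):
        print(f"payload {n:3d}: standard +{esp_overhead(n, STANDARD)} bytes,"
              f" compressed +{esp_overhead(n, DIET)} bytes")
    rx = SeqReceiver(DIET)
    for esn in range(301):
        rx.accept(compress_seq(esn, DIET))
    print("after a loss of 59 packets the receiver rebuilds",
          rx.accept(compress_seq(360, DIET)), "from one wire byte")
    print("AEAD nonce for that packet:", implicit_iv(360).hex())
```

The compressed context leaves the ICV at its full 16 bytes: that is the one field whose shrinking directly trades integrity for bytes, and the overhead figures above show how much can be saved without touching it. The receiver refuses a reconstructed counter that is older than the window or already seen, and the sender refuses to derive a nonce past 2^64, which together are the conditions under which dropping the IV from the wire is sound.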