Last Call: <draft-mglt-ipsecme-clone-ike-sa-05.txt> (Cloning IKE SA in the Internet Key Exchange Protocol Version 2 (IKEv2)) to Proposed Standard

The IESG <iesg-secretary@ietf.org> Tue, 29 September 2015 21:46 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Last Call: <draft-mglt-ipsecme-clone-ike-sa-05.txt> (Cloning IKE SA in the Internet Key Exchange Protocol Version 2 (IKEv2)) to Proposed Standard
Message-ID: <20150929214646.565.41905.idtracker@ietfa.amsl.com>
Date: Tue, 29 Sep 2015 14:46:46 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-announce/AsIaAcNRc3MuJNedjOq07Uyc1NM>
Reply-To: ietf@ietf.org

The IESG has received a request from an individual submitter to consider
the following document:
- 'Cloning IKE SA in the Internet Key Exchange Protocol Version 2
(IKEv2)'
  <draft-mglt-ipsecme-clone-ike-sa-05.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2015-10-27. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   This document considers a VPN End User establishing an IPsec SA with
   a Security Gateway using the Internet Key Exchange Protocol Version 2
   (IKEv2), where at least one of the peers has multiple interfaces or
   where the Security Gateway is a cluster with each node having its own
   IP address.

   With the current IKEv2 protocol, the outer IP addresses of the IPsec
   SA are determined by those used by the IKE SA.  As a result, using
   multiple interfaces requires setting up an IKE SA on each interface,
   or on each path if both the VPN Client and the Security Gateway have
   multiple interfaces.  Setting up each IKE SA involves authentications
   which might require multiple round trips as well as activity from the
   VPN End User and thus would delay the VPN establishment.  In addition,
   multiple authentications unnecessarily increase the load on the VPN
   client and the authentication infrastructure.

   This document presents a solution that allows cloning an IKEv2 SA,
   where an additional SA is derived from an existing one.  The newly
   created IKE SA is set up without the IKEv2 authentication exchange.
   This IKE SA can later be assigned to another interface or moved to
   another cluster node using the MOBIKE protocol.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-mglt-ipsecme-clone-ike-sa/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-mglt-ipsecme-clone-ike-sa/ballot/


No IPR declarations have been submitted directly on this I-D.