IETF Logo Mail Archive

[IPsec] Ensuring future extensibility for WESP

Yaron Sheffer <yaronf@checkpoint.com> Wed, 18 November 2009 07:30 UTC

Return-Path: <yaronf@checkpoint.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 98BFC3A6B56 for <ipsec@core3.amsl.com>; Tue, 17 Nov 2009 23:30:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.509
X-Spam-Level:
X-Spam-Status: No, score=-1.509 tagged_above=-999 required=5 tests=[BAYES_05=-1.11, HTML_MESSAGE=0.001, J_CHICKENPOX_37=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B8b3Q8SyVc0C for <ipsec@core3.amsl.com>; Tue, 17 Nov 2009 23:30:21 -0800 (PST)
Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68]) by core3.amsl.com (Postfix) with ESMTP id 5CF663A682C for <ipsec@ietf.org>; Tue, 17 Nov 2009 23:30:21 -0800 (PST)
Received: from il-ex01.ad.checkpoint.com (localhost [127.0.0.1]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id nAI7UFGo008660 for <ipsec@ietf.org>; Wed, 18 Nov 2009 09:30:15 +0200 (IST)
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([126.0.0.2]) with mapi; Wed, 18 Nov 2009 09:30:21 +0200
From: Yaron Sheffer <yaronf@checkpoint.com>
To: IPsecme WG <ipsec@ietf.org>
Date: Wed, 18 Nov 2009 09:30:21 +0200
Thread-Topic: Ensuring future extensibility for WESP
Thread-Index: AcpoFSLc1kth/nrBQ1azCQhwolsjHA==
Message-ID: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDF888ABAF@il-ex01.ad.checkpoint.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_7F9A6D26EB51614FBF9F81C0DA4CFEC801BDF888ABAFilex01adche_"
MIME-Version: 1.0
Subject: [IPsec] Ensuring future extensibility for WESP
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2009 07:30:26 -0000

Hi,

The recent draft on extending WESP which was presented in Hiroshima, explains why the current WESP is *not* extensible, and we would need a new version number if we are to add any extensions in the future.

It is up to the WG to decide whether or not we want to adopt the draft, given that many people were skeptical about the specific extensions proposed. But regardless of that, it would be a mistake to publish WESP today with no facility for extensibility. After consulting with Pasi (the draft is at a very late stage, having been through IESG review), I would like to make a simple proposal to add this extensibility, with (almost) no change to the current draft. This will leave us with future options, at virtually no cost. I am basically just changing the semantics of the Padding field. Specifically:

1. Rename IPv6Padding to "Padding (Reserved for Future Use)", and allow it to be any length <256, subject to the IPv4 and IPv6 alignment constraints.
2. If P=1 (Padding Present flag), the first octet of the Padding field will hold the padding's length. [Hardware implementations can check that it is 4 for IPv6, otherwise move the packet to the slow path]. All other Padding octets are sent as zero, and ignored by the receiver.

Note that there are barely any changes on the wire, as long as we don't have extensions. In particular the length remains unchanged.

Thanks,
            Yaron

v2.23.0 | Report a Bug | By Email