[IPsec] I-D Action: draft-ietf-ipsecme-iptfs-12.txt
Tero Kivinen <kivinen@iki.fi> Tue, 09 November 2021 10:11 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8105A3A0D79 for <ipsec@ietfa.amsl.com>; Tue, 9 Nov 2021 02:11:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iki.fi
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C6fdiQFJSB6D for <ipsec@ietfa.amsl.com>; Tue, 9 Nov 2021 02:11:29 -0800 (PST)
Received: from lahtoruutu.iki.fi (lahtoruutu.iki.fi [185.185.170.37]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B79E13A0D73 for <ipsec@ietf.org>; Tue, 9 Nov 2021 02:11:28 -0800 (PST)
Received: from fireball.acr.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: kivinen@iki.fi) by lahtoruutu.iki.fi (Postfix) with ESMTPSA id 84EE81B00283 for <ipsec@ietf.org>; Tue, 9 Nov 2021 12:11:24 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1636452684; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=H36wEH04MFHdOXGDF6QJqdxuv+D6VUHJP8Gsxvmx05U=; b=tu53aubIuSQqLL5oAXeD/HobEfCKuIEiJPaYw9VvOM+jCQO4Om1G8zuCgDa4yAwgfk+fKm bEEyUovvjcnTlP4Se5h9dy/KhYyuuePb47n31aaY20RY4FXwuVIUsV71+bvlYZmT5CIR6W f6h+/CsuWeXSnzg34zi2e7YvLdbSnapefykBLuF7l8kI0+ANCisYhEw3bG5iHy+LPIXzMw 2sksbwKr6FCTeZ4N1znDKhXw94qHkhRXSWxei3XsqezUqqRbo5V/ev5flGBI/AOYlki8G1 +Y+7dEKw1tSdphRsKeO0ikyZ6Ggg4hTHa+H1Eb8Jajn/w8702BpnAvrBwpE2Xg==
Received: by fireball.acr.fi (Postfix, from userid 15204) id 311F625C1149; Tue, 9 Nov 2021 12:11:24 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <24970.18764.155041.264504@fireball.acr.fi>
Date: Tue, 09 Nov 2021 12:11:24 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: ipsec@ietf.org
In-Reply-To: <163637838640.2334.12779298707748449055@ietfa.amsl.com>
References: <163637838640.2334.12779298707748449055@ietfa.amsl.com>
X-Mailer: VM 8.2.0b under 26.3 (x86_64--netbsd)
X-Edit-Time: 15 min
X-Total-Time: 17 min
ARC-Seal: i=1; s=lahtoruutu; d=iki.fi; t=1636452684; a=rsa-sha256; cv=none; b=XnZfBSElErC9dwSYXuXjE+Qwxv7B1PvL9PWwbuRYmWEd2OfY+Qdm+hHsEJUl8p31NbCld9 DqFIaH3kMg+Nx3vVx23RR++kgDGNgxeRiQ5Y7p9htZ3xcNretMX5cQJecuwznEJJ/M4YTw 1zoShBenatVs9MGgeZgr38cdJS/MyffoyMpPySH21t555YX8857Dh6WyQgQ5RyaDqwc0iK E02AGHRqqvjx57YcswM51IVhBhQQsVtM4JzJwIzuSERGE5COIAYyvEr62roOHI1uwQ4xc6 yvRPkaObS9kyFPQPnBrsmgHs1zfnhyVb5CHQLn1gkfv+YnowPEKhBKF1iRggxQ==
ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=kivinen@iki.fi smtp.mailfrom=kivinen@iki.fi
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1636452684; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=H36wEH04MFHdOXGDF6QJqdxuv+D6VUHJP8Gsxvmx05U=; b=hWsif7EkRda/+ZJzKDRUwZjMGZujg+jE9xOPMG44+cRCxzDv5dwTzCepYjJHhjOPPl3rU0 kkowRhIEgAxIMj+D8BxpISPek3KBmyvR1uof1P+SNsgpqTATkPy0kqhffI04dblctO8X+5 yy4ycPlNACNrpi+lBmjtDZQoSrXXmGtpevZYHj761ohD1sWEDaUe+fdTQMMZihd7T8kZL5 oNkjCmHb6z0xl1n0YWAs8OLIx61zpwmsji5F7bZaJIoDMQV/KcdoV0YJPuxGVgxS7y0AYT dYBne1thhRTSUYbV7cmp9k8y9jm+hUDRecqNBVJFXVgF+q+cTJ6RmDKXnOxSIw==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/5XTWCdAgFClcOEZHvbeiziCltrU>
Subject: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-12.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Nov 2021 10:11:34 -0000
internet-drafts@ietf.org writes: > Title : IP-TFS: Aggregation and Fragmentation Mode for ESP and its Use for IP Traffic Flow Security > Filename : draft-ietf-ipsecme-iptfs-12.txt I checked the diffs, and I think this text is mostly ok. I think there is still bit of tweaking that can be done, mostly as what happens if using the 2nd option and the frame appears after the lost timer, but inside the reorder window. My understanding is that it would still be good idea to process that frame, but there is text which says "Using this method will make sure the packets are sent in-order, i.e., there is no reordering possible, ...", and that would indicate that we must drop that frame that comes after the lost timer expire, but inside the reorder window, as if we process it after the lost timer has expired this may cause inner packets sent out of order. The question really is do we want really make sure there can not be reorderings on the 2nd option, i.e., we will drop all frames that would send reordered inner frames? In that case the reorder window size does not have any meaning if we have loss timer defined. On the other hand having small lost timer, but bigger reorder window would allow fixing localized reorderings (i.e., like getting two outer frames almost back to back, but in wrong order), but still not throw away frames that come in too late. To allow that we could simply change text to "Using this method will make sure the packets are sent in-order as much is possible, ...". Ps. Other option is to allow that kind of localized reorderings is to add that option to 1st option, i.e., add sentence to the end of 1st paragraph saying "The receiver MAY also have reordering timer, so that when out of order outer packet comes in, the receiver waits for this reordering timer to see if new packets comes during that time, and if so it can reorder the frames before processing them.", but on the other hand I do not think anything in the 1st option forbids doing that anyways, so I do not think we need such text. -- kivinen@iki.fi
- [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-12.t… internet-drafts
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Paul Wouters
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Michael Richardson
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Christian Hopps
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Christian Hopps
- [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-12.t… Tero Kivinen
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Lou Berger
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Benjamin Kaduk
- Re: [IPsec] I-D Action: draft-ietf-ipsecme-iptfs-… Tero Kivinen