IETF Logo Mail Archive

Re: [IPsec] WG Adoption calls for draft-mglt-ipsecme-diet-esp and draft-mglt-ipsecme-ikev2-diet-esp-extension

Daniel Migault <mglt.ietf@gmail.com> Mon, 11 December 2023 16:17 UTC

Return-Path: <mglt.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C16EC14CF17; Mon, 11 Dec 2023 08:17:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HYNg8WBwqpe0; Mon, 11 Dec 2023 08:17:15 -0800 (PST)
Received: from mail-yb1-xb36.google.com (mail-yb1-xb36.google.com [IPv6:2607:f8b0:4864:20::b36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80ACBC14CF13; Mon, 11 Dec 2023 08:17:15 -0800 (PST)
Received: by mail-yb1-xb36.google.com with SMTP id 3f1490d57ef6-dbcaf854e5bso379844276.0; Mon, 11 Dec 2023 08:17:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1702311434; x=1702916234; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=XPYv7VbQCuK5WWm9Tyhs0VJncYeSPknn1SCGbd8Vl5s=; b=gBn6/Q7Gc4BEpOWS7Y/37ajxTWI1uEZ7dpDPI2Clz5GrJVRQmJBsAf2wNVka8GWwxg FxFtaoXWm3QH/Svc9O52k/0IeBqkUWSxVr3mlKcHGThlXq8ULiorEEDP0xRCgOJP0ylB PC1kbNSsObaFH+aeCkEdbaB4K3kjMbiohVslP0cVdIuuZgEcctaX33pK6Bk62uhRxCE/ Grb8GwyIizOgVh4WLyQrzWHm4O7G3Vh0VgaIhfSogkokDX6+5ABaXQV8xMJLHgWpCnFd MNAorsxOjg0o6BjId/6inANMHyI6TJKgr7dBvyLDCxfxa2DZJXxWxZLxLtHFrDjIJBVI EWGg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702311434; x=1702916234; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XPYv7VbQCuK5WWm9Tyhs0VJncYeSPknn1SCGbd8Vl5s=; b=GFIrwWNZAFi7se62SDfJGtoCErFQF0WX64RMHbzPdwUvidjkUerU6lwzd+znIhgC5R RsMJhpeA7e+7gxHgUJ8q2ISy73f/yetlYV9FQzCVBob16mSugOAX5gpCrOJ5R/dIBr7L 3GxIhv6wIStOx5XrW7jmPhFNAVaqoLatsx1MbOMtYinJhV+8Rr46Jlzkdy1oldMtSEpa xd5nve7UySk9QLqk1QbEqHFTGF2nIXtS2N1doMzLA8cycIl0PbUpZAEZcHeEkuotvnSj CPFPsl00worToNC226YALb6bU1qQ9uFnTsLzLHl5NEv18zJ+Th8VFR1p/UVwBK4gBb8A MuNQ==
X-Gm-Message-State: AOJu0YwzHcI32cIIQ7gYKmTjCR1Zhpk5KZu30pfSs7jVYPpOLFNJCvuC G7c6Tsj2/wx+DqwnTMgH+nbSTj+r7sO4FTc0rmk=
X-Google-Smtp-Source: AGHT+IH2xfT5Ba0UZm3QxvOq1ETDZu5RGxjpbFmHVVrlxpLx3j/JXKiIRK3xz3I/Q0AdEJizuSCVql8V0uMrNiiLPJU=
X-Received: by 2002:a5b:783:0:b0:db5:449c:5ebf with SMTP id b3-20020a5b0783000000b00db5449c5ebfmr2764628ybq.38.1702311434304; Mon, 11 Dec 2023 08:17:14 -0800 (PST)
MIME-Version: 1.0
References: <CADZyTk=j=Wsd9CeS3LY3cH6AgD+A0e3uRftFRX7C2+d+7vBUhw@mail.gmail.com> <E4844AAF-7081-4967-87C2-CF3D4D267038@nohats.ca>
In-Reply-To: <E4844AAF-7081-4967-87C2-CF3D4D267038@nohats.ca>
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Mon, 11 Dec 2023 11:17:03 -0500
Message-ID: <CADZyTkmvgOzrdB5ZrKZ0ZwjPr3n+qRqZQh+goBQSLaBNe9mEwg@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: Hannes Tschofenig <hannes.tschofenig=40gmx.net@dmarc.ietf.org>, Carsten Bormann <cabo@tzi.org>, Tero Kivinen <kivinen@iki.fi>, ipsec@ietf.org, schc@ietf.org
Content-Type: multipart/alternative; boundary="00000000000056c06c060c3e4474"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/8e3ZFbq6OjWv2uEetuEYb03DtlM>
Subject: Re: [IPsec] WG Adoption calls for draft-mglt-ipsecme-diet-esp and draft-mglt-ipsecme-ikev2-diet-esp-extension
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Dec 2023 16:17:17 -0000

Hi Paul,

Please find my comments inline.

Yours,
Daniel
On Mon, Dec 11, 2023 at 9:59 AM Paul Wouters <paul@nohats.ca> wrote:

>
> >
> > On Dec 11, 2023, at 08:53, Daniel Migault <mglt.ietf@gmail.com> wrote:
> >
> > 
> > What is not completely clear to me now is how we will be able to
> have/make public implementations for linux implementation and potentially
> *Swan projects. It is a bit too early for now, but I am hoping to have a
> path in the next coming months.
>
> For libreswan to consider this, there would have to be ESP support (or
> plans) by maintainers of IPsec in Linux and/or BSD.
>

One thing is that we have implementations, another is that these
implementations are public and the other thing is that it is supported by
libreswan / Linux.  As I mentioned earlier, I am hoping the publication of
a Linux implementation can be clarified in the next coming months. It
sounds though realistic to me that a Linux implementation be published.

I see support from the SCHC crowd, but haven’t seen the same from the IPsec
> crowd. I’m also myself still a bit unsure who would actually deploy this
> outside proof of concept scenarios.
>

I am personally active on these drafts because we have a deployment
perspective. The PoC phase is over for many years now and I can see a
number of vendors we are willing to interconnect with.

We would also want to look at using an scsh library (GPL compatible) as we
> wouldn’t want to re-implement what seems like a very complicated high cpu
> load parser.
>
>
It is unclear to me who "We" is. However, assuming scsh stands for schc,
and as I tried to mention a few minutes ago, we rely on SCHC for the
specification. Implementations do not have to (see our old implementations
for example). So, whoever is behind "We" does not have to necessarily
re-implement or rely on a GPL SCHC library.
Regarding compression / decompression I do see SCHC as pretty efficient
especially because of the use of static context, so I am wondering 1) why
"We" seesthis as "a very complicated high cpu load parser" and 2) what
compression/decompression alternative "We" would find more efficient.


> Paul
>
>
>

-- 
Daniel Migault
Ericsson

v2.23.0 | Report a Bug | By Email