[IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft

Valery Smyslov <smyslov.ietf@gmail.com> Tue, 28 April 2020 09:54 UTC

From: Valery Smyslov <smyslov.ietf@gmail.com>
To: ipsec@ietf.org
Cc: ipsecme-chairs@ietf.org
Date: Tue, 28 Apr 2020 12:54:49 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/B83fY4Gec9fSY1oiRepogWwJc6E>

Hi,

A year and a half ago, at IETF 103 in Bangkok, I presented
draft-smyslov-ipsecme-tcp-guidelines,
"Clarifications and Implementation Guidelines for using TCP Encapsulation
in IKEv2"
(https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-tcp-guidelines/).
From my recollection of the meeting and from the minutes, it was a general
feeling in the room that this document was useful for implementers, since
it clarified some subtle issues that were not covered in RFC 8229. However,
at that time no adoption call was issued since this work would require
updating the IPSECME charter.
It took over a year to adopt the updated charter and now the WG
is chartered for this work with this draft as a possible starting point.
The text in the charter:

	RFC8229, published in 2017, specifies how to encapsulate
	IKEv2 and ESP traffic in TCP. Implementation experience has
	revealed that not all situations are covered in RFC8229, and that
	may lead to interoperability problems or to suboptimal performance.
	The WG will provide a document to give implementors more guidance
	about how to use reliable stream transport in IKEv2 and clarify
	some issues that have been discovered.

However, since it was so long since the WG last discussed the draft, the
chairs asked me to send a message to the list to determine whether there
is still an interest in the WG to proceed with this work with this draft
as a starting point.

Regards,
Valery.