[IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft
Valery Smyslov <smyslov.ietf@gmail.com> Tue, 28 April 2020 09:54 UTC
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: ipsec@ietf.org
Cc: ipsecme-chairs@ietf.org
Date: Tue, 28 Apr 2020 12:54:49 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/B83fY4Gec9fSY1oiRepogWwJc6E>
Hi,

one and a half years ago at IETF 103 in Bangkok I presented draft-smyslov-ipsecme-tcp-guidelines "Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2" (https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-tcp-guidelines/).

From my recollection of the meeting and from the minutes, there was a general feeling in the room that this document was useful for implementers, since it clarified some subtle issues that were not covered in RFC 8229. However, at that time no adoption call was issued, since this work would require updating the IPSECME charter.

It took over a year to adopt the updated charter, and now the WG is chartered for this work with this draft as a possible starting point. The text in the charter:

    RFC8229, published in 2017, specifies how to encapsulate
    IKEv2 and ESP traffic in TCP. Implementation experience has
    revealed that not all situations are covered in RFC8229, and that may
    lead to interoperability problems or to suboptimal performance. The WG
    will provide a document to give implementors more guidance about how to use
    reliable stream transport in IKEv2 and clarify some issues that have been
    discovered.

However, since it has been so long since the WG last discussed the draft, the chairs asked me to send a message to the list to determine whether there is still an interest in the WG to proceed with this work with this draft as a starting point.

Regards,
Valery.