Re: [IPsec] WG adoptation call for draft-smyslov-ipsecme-ikev2-aux-02

Tobias Heider <heidert@nm.ifi.lmu.de> Thu, 21 March 2019 12:53 UTC

To: Valery Smyslov <smyslov.ietf@gmail.com>, 'Paul Wouters' <paul@nohats.ca>, ipsec@ietf.org
From: Tobias Heider <heidert@nm.ifi.lmu.de>
Date: Thu, 21 Mar 2019 13:23:33 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/BkVJoMW3KiBbzeO4pkunRzTeF4M>

>>> I would think it quite differently. Each protocol extension just puts
>>> payloads in the IKE_SA_INIT and once that one becomes too big, the
>>> IKE daemon starts to split it up in an IKE_SA_INIT and IKE_INTERMEDIATE.
>>> This document defines what goes into IKE_SA_INIT, so the rest (eg new
>>> stuff) can go into IKE_INTERMEDIATE.
>>>
>> I like that idea actually. It would be nice though to have some fixed order for
>> additional payloads, as we always had a fixed order for expected payloads.
> IKEv2 has no restrictions on payloads order.
Right. It would have to have some if it was working the way Paul said though,
because you would have to make sure at least SA, KEx, and Nx stay in the IKE_SA_INIT
message or otherwise you can't use SK in the IKE_INTERMEDIATE.
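
The constraint raised in this message, as an added example that is not part of the original e-mail, the draft or any IKE implementation: a splitter modelling the hypothetical "split when too big" behaviour discussed in the thread, where any payload may overflow into IKE_INTERMEDIATE except SA, KE and N. The function name, the byte budget and the payload names X1/X2 are assumptions made for illustration.

```python
# Added illustration; models the idea discussed in the thread, not specified behaviour.
from dataclasses import dataclass

# Payloads both peers need before keys exist, so they cannot leave IKE_SA_INIT.
PINNED = ("SA", "KE", "N")

@dataclass(frozen=True)
class Payload:
    kind: str    # short payload name, e.g. "SA", "KE", "N", "V"
    length: int  # encoded length in bytes (constructed sample values)

def split_initial_exchange(payloads, budget):
    """Return (ike_sa_init, ike_intermediate) as two lists of payloads.

    SA, KE and N always go into IKE_SA_INIT, wherever they appear in the
    input. Other payloads keep their relative order and spill into
    IKE_INTERMEDIATE (which is SK-protected) once the byte budget is used up.
    """
    pinned = [p for p in payloads if p.kind in PINNED]
    present = {p.kind for p in pinned}
    missing = [k for k in PINNED if k not in present]
    if missing:
        raise ValueError(f"IKE_SA_INIT lacks required payloads: {missing}")
    used = sum(p.length for p in pinned)
    if used > budget:
        raise ValueError("SA, KE and N alone exceed the budget and cannot move")
    init, intermediate = list(pinned), []
    overflowed = False
    for p in payloads:
        if p.kind in PINNED:
            continue
        if not overflowed and used + p.length <= budget:
            init.append(p)
            used += p.length
        else:
            overflowed = True  # later payloads follow, preserving their order
            intermediate.append(p)
    return init, intermediate

# Constructed sample: X1 and X2 are hypothetical extension payloads.
SAMPLE = [
    Payload("V", 24), Payload("SA", 48), Payload("KE", 264),
    Payload("N", 36), Payload("X1", 900), Payload("X2", 100),
]
```
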