[IPsec] Additional charter items 1/4: Responder MOBIKE

Tero Kivinen <kivinen@iki.fi> Fri, 16 February 2018 18:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/CIec5q7q8CCVoGrPx0jpjIyXb7g>

This is one of the items we did not manage to reach full consensus on
in the IETF 100 meeting. There were concerns and questions why this is
needed and why it cannot be done with already existing methods (mostly
redirect etc., or updating the address lists).

The proposed charter text is


MOBIKE protocol [RFC4555] is used to move existing IKE/IPsec SA from
one IP address to another. However, in MOBIKE it is the initiator of
the IKE SA (i.e. remote access client) that controls this process. If
there are several responders each having own IP address and acting
together as a load sharing cluster, then it is desirable for them to
have ability to request initiator to switch to a particular member.
The working group will analyze the possibility to extend MOBIKE
protocol or to develop new IKE extension that will allow to build load
sharing clusters in an interoperable way.


It could also be possible that we first start just researching whether
we actually need any protocol changes, and if so make specifications
for them, and if not, we might still want to publish some kind of
informational document describing how those existing mechanisms can be
used for this purpose.

Send your comments and whether you support adding this to the charter
to the ipsec list in the next two weeks.