IETF Logo Mail Archive

Re: [IPsec] Discussion of draft-pwouters-ipsecme-multi-sa-performance

"Guillaume Solignac (gsoligna)" <gsoligna@cisco.com> Fri, 28 October 2022 13:47 UTC

Return-Path: <gsoligna@cisco.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D41CC14F6E7 for <ipsec@ietfa.amsl.com>; Fri, 28 Oct 2022 06:47:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.905
X-Spam-Level:
X-Spam-Status: No, score=-11.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Kw1R9zGo; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=FshO2uBD
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VKE14DlA1gQ0 for <ipsec@ietfa.amsl.com>; Fri, 28 Oct 2022 06:47:00 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE2C5C14F748 for <ipsec@ietf.org>; Fri, 28 Oct 2022 06:47:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=780; q=dns/txt; s=iport; t=1666964820; x=1668174420; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=89sV0bavexFC96SIjJal2wH4RUZb3P3YdVBrXllxdfo=; b=Kw1R9zGo5AG+Zfw+u1+wP6kqUdGUBCBBxf+K8EPoFwPUzcvLbIy6l/aa uxeeLUJFXm/ealWe3aFMcvI9r5RtqIb3nen8CHyuEF8crZYfCaB2ge00k 9aSQDgSw6j5rLKibZL+T7SJQ9OxnJP62Fb2RHy5m2VIYuI21wrjXekfz0 c=;
X-IPAS-Result: A0AiAgBB3FtjmIMNJK1aHgEBCxIMQIFEC4FbUn9bOkWEToNMA4UviBwDm3SBLIElA1UPAQEBDQEBRAQBAYFTgzICFoRjAiU0CQ4BAgQBAQEBAwIDAQEBAQEBAwEBBQEBAQIBBwQUAQEBAQEBAQEdGQUOECeFaA2GQgEBAQECARIREQwBATcBDwIBCBoCJgICAjAVEAIEAQ0NGoJbgm4DDSMDAaECAYE/AoofeoEygQGCCAEBBgQEhREYgjoJgREsgzuFLIgDJxyBSUSBWIJnPoQcKoNVOIIuhCSRXRw4A0QdQAMLOzINURtYDgkfHA4XDQUGEgMgbgVBDyguAWcrHBsHgQwqKBUDBAQDAgYTAyICDSkxFAQpEw0rByNxCQIDIWUFAwMEKCwDCSAEHAcWESQ8B1g6AQQDAhAiPAYDCQMCIlh0MSYFAw0XJQgFTgQIOgIFBlISAgoRAxIPBiZHDko+ORYGJ0QBNA8OFgNimjtsagSBICaBG5MNgxlHrBYKg2WgaBaDZaRRXZcnIKcsAgQCBAUCDgEBBoFiOoFbcBWDIlIZD44gGYNZil51OwIHAQoBAQMJhkqBLYJHAQE
IronPort-PHdr: A9a23:TBEjIRbHDHYEysAQUs/n1pD/LTAphN3EVzX9orIriLNLJ6Kk+Zmqf EnS/u5kg1KBW4LHo+lFhOzbv+GFOyQA7J+NvWpEfMlKUBkI2skTlhYrVciCD0CzJfX2bis8S cJFUlIt/3yyPUVPXsjkYFiHqXyp5jlUERL6ZmJI
IronPort-Data: A9a23:Uqt72q28+Sw7XC890vbD5VRxkn2cJEfYwER7XKvMYLTBsI5bpzMAn TcfXjiBM/mMYGGneo8gboW18h4HusWBzt81TAY+3Hw8FHgiRegpqji6wuYcGwvIc6UvmWo+t 512huHodZxyFjmGzvuUGuCJQUNUjclkfZKhTr+ZUsxNbVU8En140Ugzw7RRbrNA2LBVPSvc4 bsenOWHULOV82Yc3rU8sv/rRLtH5ZweiRtA1rAMTakjUGz2yxH5OKkiyZSZdBMUdGX78tmSH I4vxJnhlo/QEoxE5tmNyt4XeWVSKlLe0JTnZnd+A8CfbhZ+SiMa8pocOPgkYB1rkRaOkfMtj 49U6oK9cFJ8VkHMsLx1vxhwGiV6O+hN/6XKZCH5us2IxEqAeHzpqxlsJBhpZstDpKAuWicXr qVwxDMlNnhvg8q527W/S+Zqj+woLdLgO8UUvXQIITTxUqp2EMGYGM0m4/dZ2i81hN9MAcz+f sw0awZwfBr7XxxQbwJ/5JUWxbf02SaXnydjgFONvqc8y2ne0AI316LiWPLQccbJRMhJkG6Dr 2TK8mD8CxdcP9X34SGA42mogfGJnC7nVqodEbS58rhhh1j77ncPBRMYWF39ov2wkVWzQc53M EEf5ywjse4580nDZtr8QRy+rXisvx0dHdRRe8Ui8AaLwarT5VPFXmMFVTVGLtchsec6QDUw3 RmIks/nQzt1v9W9UXuA8p+SqjO7JTNTJmZqWMMfZQIB59+mq4Ypg1eWCN1iC6WyyNbyHFkc3 gxmsgAeu5Ifj/YCjZmh3lfJoG7r/IGWUAMMs1C/sn2e0it1Y4usZoqN4Ffd7OpdIIvxcrVnl CVa8yR5xL1TZaxhhBBhU81WR+jwuKjt3Cn0xA8xQcZwrlxB7lb5JehtDCdCyFCF2yruURbtZ ELV0e+6zMAOZCLxBUObjn7YNijH5aHkEdKgXffOY58XJJNwbwSAuippYCZ8PlwBcmBxwMnT2 r/CLq5A6Er274w8l1JaoM9Gi9cWKtgWnz+7eHwC503PPUCiTHCUU6wZF1CFc/o06qiJyC2Mr YgBZ5rXl04ACbymCsUyzWL1BQ1aRZTcLc2mw/G7isbYSuabMDh7UqSIke9Jl3JNzvsL/gs3w p1NchYIlAWg7ZE2AQ6LcXtkIKj+RopyqGlTAMDfFQjA5pTXWq72tP13X8JuJdEPrbU/pdYqF KNtU5vbXZxypsHvpm51gW/V9tIyLXxGRGumYkKYXdTIV8I5F1CUqoC4IFeHGetnJnPfiPbSa oaIjmvzKafvjSw7ZCoKQJpDF2+MgEU=
IronPort-HdrOrdr: A9a23:P4IDEaplg5/UDsXqGdZfs6IaV5ufL9V00zEX/kB9WHVpm5Oj+f xGzc516farslossSkb6Ky90KnpewK5yXcH2/hvAV7EZnirhILIFvAu0WKG+Vzd8kLFh5ZgPM tbAspD4ZjLfCVHZKXBkUaF+rQbsaK6GcmT7I+0pRoMPGJXguNbnn1E422gYypLrXx9dOME/e 2nl6x6TlSbCBEqR/X+IkNAc/nIptXNmp6jSwUBHQQb5A6Hii7twKLmEjCDty1uHQ9n8PMHyy zoggb57qKsv7WQ0RnHzVLe6JxQhZ/I1sZDPsqRkcIYQw+cyzpAJb4RG4FqjgpF4t1H22xa1e UkZC1Qe/ib3kmhPV1dZyGdnDUIngxerUMKgmXo/0cL6faJNQ7STfAx3L6wtnDimhEdVBYW6t MS44vRjesmMTrQ2Cv6/NTGTBdsiw69pmcji/caizhFXZIZc6I5l/1WwKp5KuZ3IMvB0vFvLM B+SMXHoPpGe1KTaH7U+mFp3dy3R3w2WhOLWFILtMCZ2yVf2CkR9TpT+OUP2nMbsJ4tQZhN4O rJdqxuibFVV8cTKaZwHv0IT8e7AnHEBRjMLGWRK1L6E7xvAQOHl7fnpLEuoO26cp0By5U/3J zHTVNDrGY3P1njDMWftac7hSwlgF/NKQgF5vsukqSR4IeMN4YDGRfzOmwTrw==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.95,221,1661817600"; d="scan'208";a="7489933"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 28 Oct 2022 13:46:59 +0000
Received: from mail.cisco.com (xfe-rtp-003.cisco.com [64.101.210.233]) by alln-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 29SDkxL5004720 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Fri, 28 Oct 2022 13:46:59 GMT
Received: from xfe-rcd-003.cisco.com (173.37.227.251) by xfe-rtp-003.cisco.com (64.101.210.233) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9; Fri, 28 Oct 2022 09:46:58 -0400
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-003.cisco.com (173.37.227.251) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9 via Frontend Transport; Fri, 28 Oct 2022 08:46:58 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cXWYEJqbivlg2cs9oDR1lZuUQjQ8LYT82xUSAD84C/C7lPf+q+raaX9gJ4sULAZxfVTUEZhhJK1qJLEpj+i3Uq8UQ61kJbWGj2P3TygXR2bCOlap4BAuZqoL81HWfN0gaD7atRUbWtJUzk9AsjZSS3xGMairFYCGVsQ6Bp+IHav4o2o+RJScpoalXnfJ859nCaKTZPHUWQOvTWZlUx/K1wK2LABIFATRH5bvdP7qObCBkp7T6fLP0nIKyQvvv+oWXHWb89UMyWcORqjSJMxzUDseWKOJhINeFv+gO+xFBQ1/6wsVssx2jO1+zmSS5uRDL+8y4cvHW6jHedbPTLaWUA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=89sV0bavexFC96SIjJal2wH4RUZb3P3YdVBrXllxdfo=; b=jl91MaPXtXtJNViXxA7NrbtUb07nZAmn08Vm9Oy+/gfw8MLnEzQ4c0xbp344i28HfQuTfw+fM/MYL6NHfc817MQJGv7f6+/cvQX2OmJkf92Q/r7oAPrHUQ0hvcuXBwqXIgY+PKOQll3y7Fs8y3EfNm7uCbKYyeI/ZwRM8s+7y9nCG2Wo5Z8iY54FOC4azNY/EyrY/W7cKxrwrymBv63VJlK/ekzgj6CydD6G51lIEWzJ8zNrQGwEzH4GEHXXJN5pqvzkrqPbLBH+GbufVyVOFUmpXxVVn9YKbUOcMtW9Xb0h0Hm/xekUhvXfEsWYa11mcFdGrgmgg2E4e14tzOgSSA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=89sV0bavexFC96SIjJal2wH4RUZb3P3YdVBrXllxdfo=; b=FshO2uBDZxd8O/R6yWpBgzTY06RJJbtgOnYCI3CrKs8GK3YKNeTXK749TXan4qshhCAVkfvmqG1m78iWHl+v8BHeFs34IBMztFy1E7gbUoEfoU89bGCutD/+g8mhOIA7Cvm4/MMoBrZZDmCCPCSWCi/DcX7F5jASOwQZTh9bx0A=
Received: from DS7PR11MB6175.namprd11.prod.outlook.com (2603:10b6:8:99::11) by CY8PR11MB7195.namprd11.prod.outlook.com (2603:10b6:930:93::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5769.15; Fri, 28 Oct 2022 13:46:57 +0000
Received: from DS7PR11MB6175.namprd11.prod.outlook.com ([fe80::f563:88c:7536:5f8c]) by DS7PR11MB6175.namprd11.prod.outlook.com ([fe80::f563:88c:7536:5f8c%7]) with mapi id 15.20.5769.015; Fri, 28 Oct 2022 13:46:57 +0000
From: "Guillaume Solignac (gsoligna)" <gsoligna@cisco.com>
To: Paul Wouters <paul@nohats.ca>, "Paul Ponchon (pponchon)" <pponchon=40cisco.com@dmarc.ietf.org>
CC: Tero Kivinen <kivinen@iki.fi>, Steffen Klassert <steffen.klassert@secunet.com>, Valery Smyslov <smyslov.ietf@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>, IPsecME WG <ipsec@ietf.org>
Thread-Topic: [IPsec] Discussion of draft-pwouters-ipsecme-multi-sa-performance
Thread-Index: AQJS+NHZSxlPMvP0ZarIorjX6+t7ygGkEVyDAbA4wY4BcMyZqaz4Me0QgAXzmQCAAGn2gIAIYwSAgAD1aoCAAAH5gIABSo0A
Date: Fri, 28 Oct 2022 13:46:57 +0000
Message-ID: <DS7PR11MB61756DE15C01317C236098E0D6329@DS7PR11MB6175.namprd11.prod.outlook.com>
References: <DM6PR11MB4531023D4E06E619BAC9935DCB339@DM6PR11MB4531.namprd11.prod.outlook.com> <E7B7E898-DD1D-4737-9FFF-7558F1C5EE78@nohats.ca>
In-Reply-To: <E7B7E898-DD1D-4737-9FFF-7558F1C5EE78@nohats.ca>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DS7PR11MB6175:EE_|CY8PR11MB7195:EE_
x-ms-office365-filtering-correlation-id: af039c62-36fe-49e9-d228-08dab8eae1a8
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: HAhVpDGlhWozCNzYj1xwxSzXN4VCBnBE7VNqocY3vp29kR8JKELqAJnHrpgtWGwRfBAJ36FcZRpodKczYwa8Kz/AWbwRCcMWvYy2U38v/xT11sXMjkLXALSs+j4uK+zHMdtBvheZVCGue5mCmX4oN11k7K3D1oj84hpsI6FjDliC6KkNdQLP11WwHtCpYYOZYYOAnOj7acVvO3gOOhuhKfZK4rqSSkTzHeTtkyllwnMmx8npxg6sMn8XpNW2eUZULTLluYYCwqaf4lIe8vENnlsr4ZiuZJ4cpdclzBlQisjfbGbjJU2QhvH9CA7o3S41r3PhkM+T3HokxQQfsRZstJY6/SYYIsJFnVs6m0dxkbAsglOMgRfAvIh2ELGhpg+vyoMsPDG0WR8qumZRfZmcPUcAEZwvXuiSxIPyGctHVwytfxIMpy7IKmBY9zUsdFvA4sFOXRrYjt1L+TSqhi1+6WJ0sL4KGpREJzL2H2a/jHTN8f3axVNzAdN5lgAe/iFQoUgGoDEzv84ntB2vZXLVkJCln/jKYPyOtG8e3xp3z+MEb+C3eeziDXeRX2I9vAzdpqrIsEfJDDl1GDZXwJwg+uLawbh+GnUr4JFZJaT2LJ/Xxl4eFsQ9ETvYghP5doJ7H17ZMoiMWcQWuujfCGp3sbUEJqikESvjCX84hox+THdFUM0Ngo8OJ726mCLSYYPdAux7EwjfydHeOFa5L1ufwCjTWqZRHpCOqceoutOkKNS2+28fzxy/ayucQFb5SNIC
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DS7PR11MB6175.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(396003)(136003)(366004)(346002)(376002)(39860400002)(451199015)(186003)(83380400001)(38070700005)(86362001)(38100700002)(122000001)(4744005)(2906002)(66556008)(41300700001)(8936002)(5660300002)(55016003)(478600001)(26005)(7696005)(66446008)(76116006)(6506007)(9686003)(64756008)(54906003)(66476007)(52536014)(71200400001)(8676002)(4326008)(316002)(66946007)(110136005)(33656002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: XqJV0eMbaHSoM50Ugj/cmlymGPNxgiB5dLE3MCy/eroxlLNuRXScWTsaJWviQTGkIF0XmKhtcM2HLYxDxCAA+s0UFJDzWhpBj2wefVjnE3sFtQBqsaegvG1U9/xOYBW6ElQV//JxXYRLS6algLpKeZyfWOR9Xb6RdhZGX7lFhpd8lq1MewtAQoYzbWmfSaP5X4tezIuPUN8kKEXMFiPxznpW7R/vHXYl39V13+RvrecwvzI2wuB9zpE1bM8KsB2WER0vfxY5Xy++h1qCVB+DCkOUVUbR7heSF3PwuFACAmi844V98UY3YP/3W2bVbfQW8NTDFiu4Kb3UKCnocpWo0TM9aePY6Df096ez8gSQFmG7gcQEXmZZoMQiQRl/GG2mPv0Lf6NftMaqLhmrEuHXUuQbizDDiRpvy7/MJfSSh4LVLACo/TKmxnXRGXJGEZFuNPIeTonYOaMTM2mLCsHONCReRD+ZebHXvRBiu10HcxNPDGumap+uaup5Yt0I7I1v/WeJa0gR6S+fNEF84XPWk/nukTLXa1BUziPJvILpqqz3qQXKOjeNcWAyvYL+owJcCOFoHq1GBxtqubV4n1EpVUn2qV58//1ub4uMAPqn19KldK3h37S1M0Yxq6lslzQHbreZqCYd7xa96zi+jUVt02yv6pl33XWHq0ojaZ5qvOYRvnvjY98GpNJlAcWtF6WnM9cSxFlB4V4u5kM2UsSwD4ExE0uSZkszk4xxWfHXLxY91pv0eo8LlfNpnlVrDFya9nEC2HhVoGnj9IiP8bVEiYgGn70Sh5kjj0Rw7DLXJqdYQXX6iVyGuOMJCgSSOUP/oV3EFEYZqawADS4XNiJAHbEXJ62cNtVKi+10TXlBCxqABqu1qIr2XwZxwNbv79ONaKhT1PlTIewt/XK9AvXOoDEPWotCtqORYN+8W3ulCjgNHqR+C3IzMhd+wRbVq5hdHoRYoNkLX0DvgkasFFs2ik3C6Qe8wiLqeg4TyiOUypahDCrxchEpKi9NE5NgXmWd7iwoN9FLtdl8xujXrP3xLZoMGAKxUoKcK5rgrTw5gt1SDJcnZp6zirxpy0jD93KbXc+pDOImFFnWgyZA4PiZWhhypjQMea7RLHS/g/Z1oZ9Hq1ia4dEcNqa8fiY4jusvasdodruR6z7rDry7s1hnTxVZDOSmUoY/dVSK0jmxfpx7ooiFCQRM1DjxVwydF5DaKSxA9oKVvzO2ett/e+FFxA9nR5FKy6CjEEZSDu+0lnm1HAw9xSEEMrSEY1wN8xlE3NHauUA0ydc4oCgLx9hCU6QVEbcP3tWh5RlTdvLtbTlghAqQ6yxwL79RbRCTyyUpMHuiretFwOgD0+i5eb4q4STEYJe5aSjf6R5DzuJk2B63sBAH/9s9PnJBD7eCm+UCoNowvCiFJSAhk7DAUK0ZuptslcHQc0buxjkNUu0J5p/OnzFFC1lmcPIkStbb5rvZ91BP/5OPrmBkHpU7/GgDHyRPp9lfXqsQrD/3cviuG9c4QDdGUCmHV43e5IaOSuIVydYI/pKeu3JYsNzApbF6X5HbIK7oZ8fhLW+L0iQurI4=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DS7PR11MB6175.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: af039c62-36fe-49e9-d228-08dab8eae1a8
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Oct 2022 13:46:57.3816 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: WSNgOEiijEw9cpEWOevNxrsZKhdnk4I6uj1xJarxlX4pMAKRNUQ0ljXgpvD6HYpaKa7G5OThSAmSpJoIDPhPbA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR11MB7195
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 64.101.210.233, xfe-rtp-003.cisco.com
X-Outbound-Node: alln-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/I-9BuSGgQcghT_xjTzZ_f3-HOeA>
Subject: Re: [IPsec] Discussion of draft-pwouters-ipsecme-multi-sa-performance
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2022 13:47:06 -0000

Paul,

> > Is this requirement only based on not reusing the same IV on different cores or is there an additional factor I missed?
> For AES-GCM there is a 2^32 max operations per private key as well.

Are you referring to NIST SP 800-38D § 8.3 ? This is the closest I could find to this restriction. But the 2^32 invocation limitation does not seem to apply when the IV is 96 bits long and deterministic (which is the case in AES-GCM ESP RFC4106).

Is there another standard document that enforces the 2^32 limit also in the RFC4106 case ?

Best,
Guillaume

v2.23.0 | Report a Bug | By Email