[IPsec] FW: New Version Notification for draft-liu-ipsecme-ikev2-rekey-redundant-sas-00.txt

Harold Liu <harold.liu@ericsson.com> Mon, 22 November 2021 06:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/LLHMAS3DJ9-wnWOHQZQ0V45pHpo>

Recently we ran into a real problem in some IPsec use cases: the IKEv2 protocol supports a rekey mechanism for the IKE Security Association (SA) and Child SA, but this may result in redundant SAs ([RFC7296], section 2.8.1) when both peers start rekeying at the same time.
Although in such a case IKEv2 selects the SA created with the lowest of the four nonces, and the redundant SA SHOULD be deleted by the endpoint that created it, this is not enough.
Among the standards, frequent rekeying is highly recommended, but such an approach can be non-optimal when SAs are frequently rekeyed, as SAs are unnecessarily computed and an additional IKEv2 exchange is added.

So this document defines the Rekeying Priority in IKEv2 extension, which makes it possible to agree on roles for rekeying of Child SAs and to optimize IKEv2 rekey negotiation.

The announcement below is for that draft. We would like to work with the community to improve and clarify the draft.

-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
Sent: Monday, November 22, 2021 2:37 PM
To: Congjie Zhang <congjie.zhang@ericsson.com>; Harold Liu <harold.liu@ericsson.com>; Daniel Migault <daniel.migault@ericsson.com>
Subject: New Version Notification for draft-liu-ipsecme-ikev2-rekey-redundant-sas-00.txt


A new version of I-D, draft-liu-ipsecme-ikev2-rekey-redundant-sas-00.txt
has been successfully submitted by Daiying Liu and posted to the IETF repository.

Name:		draft-liu-ipsecme-ikev2-rekey-redundant-sas
Revision:	00
Title:		IKEv2 Rekey Priority Extension
Document date:	2021-11-21
Group:		Individual Submission
Pages:		7
URL:            https://www.ietf.org/archive/id/draft-liu-ipsecme-ikev2-rekey-redundant-sas-00.txt
Status:         https://datatracker.ietf.org/doc/draft-liu-ipsecme-ikev2-rekey-redundant-sas/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-liu-ipsecme-ikev2-rekey-redundant-sas


Abstract:
   This document defines the Internet Key Exchange Version 2 (IKEv2)
   Rekeying Priority extension that enables to agree roles for the next
   rekey of the child SAs and as such optimize IKEv2 rekey negotiation.

                                                                                  


The IETF Secretariat
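
The simultaneous-rekey tie-break the message refers to, as an added example (not code from the draft or from the post): it applies the octet-by-octet definition of "lowest" from RFC 7296 section 2.8.1 and contrasts it with a big-integer comparison, which gives a different answer when nonce lengths differ. The `RekeyExchange` type, the peer names and the nonce values are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RekeyExchange:
    """One CREATE_CHILD_SA rekey exchange (hypothetical helper type)."""
    initiator: str  # peer that sent the request and so created this SA
    ni: bytes       # initiator nonce
    nr: bytes       # responder nonce


def resolve_simultaneous_rekey(x: RekeyExchange, y: RekeyExchange):
    """Return (kept, redundant) for two colliding rekey exchanges.

    RFC 7296 section 2.8.1 compares the four nonces octet by octet; if one
    nonce ends first, it is the lower one. Python's ordering on bytes is
    exactly that comparison. The SA from the exchange holding the lowest
    nonce is the redundant one, to be closed by that exchange's initiator.
    """
    lowest = min(x.ni, x.nr, y.ni, y.nr)
    in_x = lowest in (x.ni, x.nr)
    in_y = lowest in (y.ni, y.nr)
    if in_x and in_y:
        raise ValueError("lowest nonce appears in both exchanges")
    return (y, x) if in_x else (x, y)


def redundant_if_compared_as_integers(x: RekeyExchange, y: RekeyExchange):
    """Incorrect rule, shown only for contrast: nonces as big integers."""
    lowest = min((x.ni, x.nr, y.ni, y.nr),
                 key=lambda n: int.from_bytes(n, "big"))
    return x if lowest in (x.ni, x.nr) else y


# Constructed nonces. EXCHANGE_A.ni is 17 octets, the others are 16.
EXCHANGE_A = RekeyExchange("peer-A",
                           ni=bytes.fromhex("01" + "ff" * 16),
                           nr=bytes.fromhex("80" + "00" * 15))
EXCHANGE_B = RekeyExchange("peer-B",
                           ni=bytes.fromhex("02" + "00" * 15),
                           nr=bytes.fromhex("7f" + "00" * 15))

if __name__ == "__main__":
    kept, redundant = resolve_simultaneous_rekey(EXCHANGE_A, EXCHANGE_B)
    print("kept SA from:", kept.initiator)
    print("redundant SA, deleted by:", redundant.initiator)
    wrong = redundant_if_compared_as_integers(EXCHANGE_A, EXCHANGE_B)
    print("integer comparison would pick:", wrong.initiator)
```

Both peers reach the same result only if both use the octet-by-octet rule; either way the collision has already cost a second SA computation and a delete exchange, which is the overhead the message describes.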