[IPsec] draft-mglt-ipsecme-clone-ike-sa-00

Daniel Migault <mglt.ietf@gmail.com> Thu, 13 February 2014 14:24 UTC

Date: Thu, 13 Feb 2014 15:24:53 +0100
Message-ID: <CADZyTkno271pGsgJsOs1UyzCRUQnMVtZW0=3gm29hzfAtVbZfg@mail.gmail.com>
From: Daniel Migault <mglt.ietf@gmail.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Subject: [IPsec] draft-mglt-ipsecme-clone-ike-sa-00

Hi,

Please find our draft "Clone IKE SA Extension"

http://datatracker.ietf.org/doc/draft-mglt-ipsecme-clone-ike-sa/

This extension indicates that during a rekey of an IKE_SA, the current
IKE_SA MUST NOT be deleted, thus leaving two parallel IKE_SAs.

This draft has been presented as draft-mglt-ipsecme-keep-old-ike-sa-00
in Berlin. This version added the comments received from Valery, Yaron
and Tero both on the mailing list and during the meeting.

Any comment is welcome! I have two questions regarding this draft:

1) I specified in which exchange type the different payloads are
expected to be found.  CLONE_IKE_SA is sent in a CREATE_CHILD_SA
exchange only. CLONE_IKE_SA_SUPPORTED is expected to be found in
messages of type IKE_AUTH and INFORMATIONAL. Should we restrict it to
IKE_AUTH?

2) The CLONE_IKE_SA Notify Payload in a CREATE_CHILD_SA exchange is
included both by the initiator and by the responder. By doing so, the
responder confirms everything is fine. On the other hand we can assume
sending no error - once peers have agreed they support the extension -
indicates it is fine. I would like your feedback whether the
responder should have this CLONE_IKE_SA Notify payload in the response
or not.



-- 
Daniel Migault
Orange Labs -- Security
+33 6 70 72 69 58
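As an added illustration, not code from the draft or its authors, the following Python model enforces the two rules the message describes: CLONE_IKE_SA_SUPPORTED is only accepted in IKE_AUTH or INFORMATIONAL, CLONE_IKE_SA only in CREATE_CHILD_SA and only after the peer advertised support, and a cloned rekey keeps the old IKE_SA (two parallel SAs) with the responder echoing the notify as in the -00 text. The `Peer` class, the SPI labels and the notifies-as-a-set message shape are assumptions of this example, not the draft's wire format.

```python
from dataclasses import dataclass, field

# Exchange types and notify names taken from the message; values are labels only.
IKE_AUTH, INFORMATIONAL, CREATE_CHILD_SA = "IKE_AUTH", "INFORMATIONAL", "CREATE_CHILD_SA"
CLONE_IKE_SA_SUPPORTED, CLONE_IKE_SA = "CLONE_IKE_SA_SUPPORTED", "CLONE_IKE_SA"


@dataclass
class Peer:
    """One IKEv2 peer (assumed model): live IKE_SAs by SPI label plus negotiation state."""
    ike_sas: set = field(default_factory=set)
    peer_supports_clone: bool = False

    def on_supported_notify(self, exchange: str) -> None:
        """CLONE_IKE_SA_SUPPORTED is only expected in IKE_AUTH or INFORMATIONAL."""
        if exchange not in (IKE_AUTH, INFORMATIONAL):
            raise ValueError(f"{CLONE_IKE_SA_SUPPORTED} not allowed in {exchange}")
        self.peer_supports_clone = True

    def on_rekey_request(self, exchange: str, old_spi: str, new_spi: str,
                         notifies: set) -> set:
        """Responder side of an IKE_SA rekey; returns the notifies to put in the reply."""
        if exchange != CREATE_CHILD_SA:
            raise ValueError(f"IKE_SA rekey must use {CREATE_CHILD_SA}, got {exchange}")
        if old_spi not in self.ike_sas:
            raise ValueError(f"unknown IKE_SA {old_spi}")
        if CLONE_IKE_SA in notifies:
            # Reject a clone request from a peer that never negotiated the extension.
            if not self.peer_supports_clone:
                raise ValueError(f"{CLONE_IKE_SA} received but extension not negotiated")
            self.ike_sas.add(new_spi)      # old SA is kept: two parallel IKE_SAs
            return {CLONE_IKE_SA}          # responder echoes the notify (draft -00 behaviour)
        self.ike_sas.add(new_spi)
        self.ike_sas.discard(old_spi)      # plain rekey: the old IKE_SA goes away
        return set()


def demo() -> set:
    """Negotiate the extension in IKE_AUTH, then clone SA1 into SA2 (constructed labels)."""
    responder = Peer(ike_sas={"SA1"})
    responder.on_supported_notify(IKE_AUTH)
    responder.on_rekey_request(CREATE_CHILD_SA, "SA1", "SA2", {CLONE_IKE_SA})
    return responder.ike_sas


if __name__ == "__main__":
    print(demo())  # both IKE_SAs remain: {'SA1', 'SA2'}
```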