Re: [IPsec] GDOI and G-IKEv2 payloads

Valery Smyslov <smyslov.ietf@gmail.com> Tue, 06 February 2024 07:31 UTC

From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Toerless Eckert' <tte@cs.fau.de>, "'Fries, Steffen'" <steffen.fries=40siemens.com@dmarc.ietf.org>
Cc: ipsec@ietf.org
References: <DB9PR10MB6354CF46CDE84485FB1510BCF3472@DB9PR10MB6354.EURPRD10.PROD.OUTLOOK.COM> <ZcEQWFuF7Uj_dY-d@faui48e.informatik.uni-erlangen.de>
In-Reply-To: <ZcEQWFuF7Uj_dY-d@faui48e.informatik.uni-erlangen.de>
Date: Tue, 06 Feb 2024 10:31:43 +0300
Message-ID: <02ff01da58ce$88f7f630$9ae7e290$@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/PrSfEXwtooZ2MDov3BlhmD8WiLk>

Hi Toerless,

First, G-IKEv2 should be published as an RFC. The draft is currently in WGLC
(for a long time), but has received very few reviews so far (and many thanks
to all who reviewed it!). I'm planning to publish an updated version
addressing Daniel's review soon.

Once G-IKEv2 is standardized, there is no problem (IMHO) in doing the
equivalent of RFC8052 with it.

Regards,
Valery.

> How would someone today do the equivalent of RFC8052 with G-IKEv2 ?
> 
> On Mon, Feb 05, 2024 at 04:06:11AM +0000, Fries, Steffen wrote:
> > Hi,
> >
> > I've got a question regarding the relation of G-IKEv2 and GDOI.
> >
> > I realized that G-IKEv2 will be the successor of GDOI and would have a
> > question regarding backward compatibility of payloads defined for GDOI.
> > As the underlying exchanges for the base key management changed from IKE
> > to IKEv2, they will not be backward compatible. Nevertheless, there have
> > been enhancements of GDOI for protocols used in the power system domain
> > like GOOSE and Sampled Values, which led to the definition of new
> > payloads for the ID, SA TEK and KD payloads to accommodate the power
> > system protocol parameters in RFC 8052. Likewise, using the same
> > approach, new payloads of the same types have been defined to distribute
> > parameters for PTP (Precision Time Protocol) in IEC 62351-9.
> >
> > In general, I realized that there are similar payloads available in
> > G-IKEv2, but I was not quite sure if it was a design criterion to have
> > backward compatibility for extensions/enhancements defined for GDOI to
> > be usable also in G-IKEv2. Could you please shed some light on this?
> >
> > Best regards
> > Steffen
> >
> > --
> > Steffen Fries
> >
> > Siemens AG
> > Technology
> > Cybersecurity & Trust
> > T CST
> > Otto-Hahn-Ring 6
> > 81739 Munich, Germany
> > Phone: +49 (89) 7805-22928
> > mailto:steffen.fries@siemens.com
> > www.siemens.com
> > Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim
> > Hagemann Snabe; Managing Board: Roland Busch, Chairman, President and
> > Chief Executive Officer; Cedrik Neike, Matthias Rebellius, Ralf P.
> > Thomas, Judith Wiese; Registered offices: Berlin and Munich, Germany;
> > Commercial registries: Berlin-Charlottenburg, HRB 12300, Munich, HRB
> > 6684; WEEE-Reg.-No. DE 23691322
> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec