Re: [IPsec] GDOI and G-IKEv2 payloads

Tero Kivinen <kivinen@iki.fi> Wed, 07 February 2024 14:37 UTC

To: Valery Smyslov <smyslov.ietf@gmail.com>
Cc: 'Toerless Eckert' <tte@cs.fau.de>, "'Fries, Steffen'" <steffen.fries=40siemens.com@dmarc.ietf.org>, ipsec@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/StyLA5Wfg68AT-jVsdBYtEYoV7Y>

Valery Smyslov writes:
> > Ideally, I would even like to see a small section in G-IKEv2 that
> > outlines how GDOI extensions can be mapped to G-IKEv2. If this
> > was all registry entries in RFC8052, then it would IMHO even be a
> > great exercise for progressing G-IKEv2 to see if equivalent
> > registry entries for G-IKEv2 would be sufficient. And the section
> > I am thinking of would for example just be a comparison of
> > registry tables.
> 
> I don't think the core specification should define how all existing extensions
> of an older protocol could be mapped to the current one, but a few general
> words could be added.

G-IKEv2 will have its own IANA registries, just like IKEv2 has separate
registries compared to IKEv1. This will mean that none of the old
extensions can be used directly for G-IKEv2, as new IANA allocations
will be needed, but making a new RFC that will define an old G-DOI
extension for G-IKEv2 should be quite simple, mostly just doing IANA
allocations and using IKEv2 terms and payloads instead of the old ones.

I do not see any major issues with making an RFC that adds an old G-DOI
extension to G-IKEv2.
-- 
kivinen@iki.fi