[IPsec] Protocol Action: 'Implicit IV for Counter-based Ciphers in Encapsulating Security Payload (ESP)' to Proposed Standard (draft-ietf-ipsecme-implicit-iv-11.txt)
The IESG <iesg-secretary@ietf.org> Thu, 07 November 2019 16:50 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ipsec@ietf.org
Delivered-To: ipsec@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9269B120113; Thu, 7 Nov 2019 08:50:55 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.110.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: The IESG <iesg@ietf.org>, ipsecme-chairs@ietf.org, draft-ietf-ipsecme-implicit-iv@ietf.org, Tero Kivinen <kivinen@iki.fi>, kivinen@iki.fi, ipsec@ietf.org, alexey.melnikov@isode.com, rfc-editor@rfc-editor.org
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Message-ID: <157314545559.2171.3514721523687797841.idtracker@ietfa.amsl.com>
Date: Thu, 07 Nov 2019 08:50:55 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/TsN_xk7rHuOb0e5rWhP7ILn7hNs>
Subject: [IPsec] Protocol Action: 'Implicit IV for Counter-based Ciphers in Encapsulating Security Payload (ESP)' to Proposed Standard (draft-ietf-ipsecme-implicit-iv-11.txt)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2019 16:50:56 -0000
The IESG has approved the following document: - 'Implicit IV for Counter-based Ciphers in Encapsulating Security Payload (ESP)' (draft-ietf-ipsecme-implicit-iv-11.txt) as Proposed Standard This document is the product of the IP Security Maintenance and Extensions Working Group. The IESG contact persons are Alexey Melnikov, Benjamin Kaduk and Roman Danyliw. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-ipsecme-implicit-iv/ Technical Summary This document defines a way to omit the nonce from ESP packets when using algorithms for which the nonce is entirely predictable and calculable from the packet counter. This reduces per-packet overhead by 8 octets. Working Group Summary The document has been highly reviewed and discussed and presented during meetings and through the mailing list. The implicit iv draft was first expressed in [draft-mglt-ipsecme-diet-esp] { 00: March 2014, 01 Jul 2014 } and presented during the IETF89 in London on March 2014 at the ipsecme session [1]. The discussions lead to the following draft focusing on implicit IV within the ipsecme WG : [draft-mglt-ipsecme-diet-esp-iv-generation ] { 00 : Jul 2014 }. We were suggested then to move this work in 6lo with lead to the following draft [draft-mglt-6lo-aes-implicit-iv] { 00 : Dec 2014, 01 : Feb 2015} that have been presented in the IETF 92 ipsecme session [2]. Implicit IV as well as diet-esp has been presented in the IETF96 in Berlin [3] in July 2016, where 6lo chairs and ipsecme chairs agree that the right place to host this work was ipsecme. [draft-mglt-ipsecme-implicit-iv] was then release in June 2016 and adopted as a WG document in November 2017. This draft extended the work from AES to ChaCha20Poly1305. The document has been presented to the ipsecme WG during the IETF89 [1], IETF92[2], IETF96[3], IETF97[5], IETF98[6], IETF99[7]. [draft-mglt-ipsecme-diet-esp] https://datatracker.ietf.org/doc/draft-mglt-ipsecme-diet-esp/ [draft-mglt-ipsecme-implicit-iv] https://datatracker.ietf.org/doc/draft-ietf-ipsecme-implicit-iv/ [1] https://www.ietf.org/proceedings/89/slides/slides-89-ipsecme-3.pdf [2] https://www.ietf.org/proceedings/92/slides/slides-92-ipsecme-3.pdf [3] https://www.ietf.org/proceedings/96/slides/slides-96-6lo-9.pdf [4] https://www.ietf.org/proceedings/96/slides/slides-96-ipsecme-0.pdf [5] https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-draft-ietf-ipsecme-eddsa-draft-mglt-ipsecme-implicit-iv-00.pdf [6] https://www.ietf.org/proceedings/98/slides/slides-98-ipsecme-implicit-iv-00.pdf [7] https://datatracker.ietf.org/meeting/99/materials/slides-99-ipsecme-implicit-iv-00 Document Quality Apple has reported to have a kernel implementation. During the DevNet conference in Montreal, the IPsec maintainer of Linux mentioned that he is he waiting to have this as an RFC before implementing it. This does not necessarily means that will be its highest priority. There are implementations based in C/Python scripts as well as ongoing implementations on Riot. Personnel Tero Kivinen is the document shepherd and Alexey Melnikov is the responsible AD.