Re: [IPsec] FW: I-D Action:draft-nir-ipsecme-childless-00.txt

Raj Singh <rsjenwar@gmail.com> Fri, 03 July 2009 13:50 UTC

In-Reply-To: <006FEB08D9C6444AB014105C9AEB133F433539DEC2@il-ex01.ad.checkpoint.com>
References: <20090701091501.2DAE328C101@core3.amsl.com> <006FEB08D9C6444AB014105C9AEB133F433539DEC2@il-ex01.ad.checkpoint.com>
Date: Fri, 03 Jul 2009 19:21:02 +0530
Message-ID: <7ccecf670907030651uec406e4ha9fa9adc027f8335@mail.gmail.com>
From: Raj Singh <rsjenwar@gmail.com>
To: Yoav Nir <ynir@checkpoint.com>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: Re: [IPsec] FW: I-D Action:draft-nir-ipsecme-childless-00.txt

Hi Yoav,

Mostly the Initiator will decide that it wants to bring UP only IKE SA
without child SA.
But currently there is no notify/VID from Initiator to Responder to indicate
that initiator wants to bring only IKE SA. Even if responder does not
support "childless IKE_AUTH", it will process IKE_SA_INIT, involving CPU
intensive D-H calculations, and send IKE_SA_INIT response without "childless
VID" payload.

Introducing a notify/VID payload from Initiator that it wants to bring UP
only IKE SA without child SA will ease the processing at Responder side. If
responder does not support "childless IKE_AUTH", it can send INVALID_SYNTAX.
Then, Initiator will wait for "Child SA" info to be available to bring UP
both IKE and child SA, normally as mentioned in RFC 4306.

Thanks,
Raj

On Thu, Jul 2, 2009 at 1:42 AM, Yoav Nir <ynir@checkpoint.com> wrote:

> Hi all.
>
> This is the fourth iteration of this draft.  New in this iteration
>  - Another co-author
>  - Changed the name, so that this item is considered in the rechartering
> discussion
>  - Fixed some notation and some discussion based on comments from the list
>
> Yoav
> ________________________________________
> From: i-d-announce-bounces@ietf.org [i-d-announce-bounces@ietf.org] On
> Behalf Of Internet-Drafts@ietf.org [Internet-Drafts@ietf.org]
> Sent: Wednesday, July 01, 2009 12:15
> To: i-d-announce@ietf.org
> Subject: I-D Action:draft-nir-ipsecme-childless-00.txt
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>
>        Title           : A Childless Initiation of the IKE SA
>        Author(s)       : Y. Nir, et al.
>        Filename        : draft-nir-ipsecme-childless-00.txt
>        Pages           : 7
>        Date            : 2009-07-01
>
> This document describes an extension to the IKEv2 protocol that
> allows an IKE SA to be created and authenticated without generating a
> child SA.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-nir-ipsecme-childless-00.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.
>
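The responder-side check proposed in the reply above, sketched as an added example (not code from the draft or from either poster): the responder walks the IKE_SA_INIT payload chain and answers INVALID_SYNTAX before any D-H work when the initiator signals childless and the responder has it disabled. Assumptions: `CHILDLESS_REQUEST` is a hypothetical private-use notify type that the responder recognises, `"DROP"` is an assumed handling for malformed input, and the sample messages are constructed and carry only Notify payloads.

```python
import struct

IKE_SA_INIT = 34           # exchange type (RFC 4306)
PAYLOAD_NOTIFY = 41        # Notify payload type (RFC 4306)
INVALID_SYNTAX = 7         # notify error type the reply would carry (RFC 4306)
CHILDLESS_REQUEST = 40960  # HYPOTHETICAL private-use notify type, not in the draft

def build_sa_init(notify_types):
    """Construct a sample IKE_SA_INIT request carrying only Notify payloads."""
    body = b""
    for i, ntype in enumerate(notify_types):
        nxt = PAYLOAD_NOTIFY if i + 1 < len(notify_types) else 0
        # generic header (next, flags, length) + protocol id, SPI size, type
        body += struct.pack("!BBHBBH", nxt, 0, 8, 0, 0, ntype)
    first = PAYLOAD_NOTIFY if notify_types else 0
    hdr = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8, first,
                      0x20, IKE_SA_INIT, 0x08, 0, 28 + len(body))
    return hdr + body

def notify_types_in(msg):
    """Walk the payload chain; return notify types, or None if malformed."""
    if len(msg) < 28:
        return None
    nxt, exch, length = msg[16], msg[18], struct.unpack("!I", msg[24:28])[0]
    if exch != IKE_SA_INIT or length != len(msg):
        return None
    off, found = 28, []
    while nxt != 0:
        if off + 4 > len(msg):
            return None
        following, _, plen = struct.unpack("!BBH", msg[off:off + 4])
        if plen < 4 or off + plen > len(msg):
            return None
        if nxt == PAYLOAD_NOTIFY:
            if plen < 8:
                return None
            found.append(struct.unpack("!H", msg[off + 6:off + 8])[0])
        nxt, off = following, off + plen
    return found if off == len(msg) else None

def handle_sa_init(msg, supports_childless):
    """Return (reply, dh_computed) for the responder."""
    types = notify_types_in(msg)
    if types is None:
        return ("DROP", False)
    if CHILDLESS_REQUEST in types and not supports_childless:
        return ("INVALID_SYNTAX", False)   # rejected before any D-H work
    return ("IKE_SA_INIT_RESPONSE", True)  # D-H exponentiation would run here
```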