[IPsec] Fwd: New Version Notification for draft-mglt-ipsecme-clone-ike-sa-01.txt
Daniel Migault <mglt.ietf@gmail.com> Fri, 04 April 2014 09:33 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/bwNNddLQnnORtp7r7VHNdzzSKP0
Cc: Valery Smyslov <svanru@gmail.com>
Hi,

Here is the last version of our draft on clone IKE_SA. The main goal is to be able to handle multiple interfaces. We believe this version -- the same as the one posted on March 13 -- is close to the final one as we have considered previous reviews.

We would like to have your feedback, so we can move forward with the draft. The draft is only 7 pages -- excluding the appendix --, so please consider reviewing it.

URL: http://www.ietf.org/internet-drafts/draft-mglt-ipsecme-clone-ike-sa-01.txt
Htmlized: http://tools.ietf.org/html/draft-mglt-ipsecme-clone-ike-sa-01

BR,
Daniel

---------- Forwarded message ----------
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Thu, Mar 13, 2014 at 9:51 AM
Subject: Fwd: New Version Notification for draft-mglt-ipsecme-clone-ike-sa-01.txt
To: "ipsec@ietf.org" <ipsec@ietf.org>
Cc: Valery Smyslov <svanru@gmail.com>

Hi,

Please find the new version for the clone IKE SA draft. This version includes all comments we received. Feel free to let us know if there are more comments to address.

BR,
Daniel

Abstract:

This document considers a VPN End User setting a VPN with a security gateway where at least one of the peers has multiple interfaces.

With the current IKEv2, the outer IP addresses of the VPN are determined by those used by IKEv2 channel. As a result using multiple interfaces requires to set an IKEv2 channel on each interface, or on each path if both the VPN Client and the security gateway have multiple interfaces. Setting multiple IKEv2 channels involves multiple authentications which may each require multiple round trips and delay the VPN establishment. In addition multiple authentications unnecessarily increase load to the VPN client and the authentication infrastructure.

This document presents the Clone IKE SA extension, where an additional IKEv2 channel is derived from an already authenticated IKEv2 channel. The newly created IKEv2 channel is set without the IKEv2 authentication exchange. The newly created IKEv2 channel can then be assigned to another interface using MOBIKE.

-------- Original Message --------
Subject: New Version Notification for draft-mglt-ipsecme-clone-ike-sa-01.txt
Date: Thu, 13 Mar 2014 01:43:41 -0700
From: <internet-drafts@ietf.org>
To: Valery Smyslov <svan@elvis.ru>, Valery Smyslov <svan@elvis.ru>, "Daniel Migault" <daniel.migault@orange.com>, Daniel Migault <daniel.migault@orange.com>

A new version of I-D, draft-mglt-ipsecme-clone-ike-sa-01.txt has been successfully submitted by Daniel Migault and posted to the IETF repository.

Name: draft-mglt-ipsecme-clone-ike-sa
Revision: 01
Title: Clone IKE SA Extension
Document date: 2014-03-13
Group: Individual Submission
Pages: 16
URL: http://www.ietf.org/internet-drafts/draft-mglt-ipsecme-clone-ike-sa-01.txt
Status: https://datatracker.ietf.org/doc/draft-mglt-ipsecme-clone-ike-sa/
Htmlized: http://tools.ietf.org/html/draft-mglt-ipsecme-clone-ike-sa-01
Diff: http://www.ietf.org/rfcdiff?url2=draft-mglt-ipsecme-clone-ike-sa-01

Abstract:

This document considers a VPN End User setting a VPN with a security gateway where at least one of the peers has multiple interfaces.

With the current IKEv2, the outer IP addresses of the VPN are determined by those used by IKEv2 channel. As a result using multiple interfaces requires to set an IKEv2 channel on each interface, or on each path if both the VPN Client and the security gateway have multiple interfaces. Setting multiple IKEv2 channels involves multiple authentications which may each require multiple round trips and delay the VPN establishment. In addition multiple authentications unnecessarily increase load to the VPN client and the authentication infrastructure.

This document presents the Clone IKE SA extension, where an additional IKEv2 channel is derived from an already authenticated IKEv2 channel. The newly created IKEv2 channel is set without the IKEv2 authentication exchange. The newly created IKEv2 channel can then be assigned to another interface using MOBIKE.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

--
Daniel Migault
Orange Labs -- Security
+33 6 70 72 69 58