[IPsec] DELETE_REASON notify (draft-pwouters-ipsecme-delete-info)
Paul Wouters <paul@nohats.ca> Mon, 04 March 2024 03:58 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DAF0C14F682 for <ipsec@ietfa.amsl.com>; Sun, 3 Mar 2024 19:58:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S8yHUPuFlScw for <ipsec@ietfa.amsl.com>; Sun, 3 Mar 2024 19:57:56 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F132AC14F5FA for <ipsec@ietf.org>; Sun, 3 Mar 2024 19:57:55 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4Tp4fV1T5Kz1mH for <ipsec@ietf.org>; Mon, 4 Mar 2024 04:57:54 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1709524674; bh=i5kBDlgpBUCI97UYtFwbvJ7In/XmcLJihY0LDBtYIgY=; h=Date:From:To:Subject; b=bzoGDkIFEOj9YhK5zKQvJhKYMyP/ad4AQJ5FGOoW8nFU7ynulRhCbOkVUHyf89WUC TmzwFKBEcx6DKEWtwDBTC7FYBOIJMhbUlpHag21QPFQvFaR4aHJIE0qo+/ilAiNo1t VgDwRofDGLl9Hodujh4bTc+QYVH70FSM2h/CZuTU=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id LZJsDlrMbMqi for <ipsec@ietf.org>; Mon, 4 Mar 2024 04:57:52 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS for <ipsec@ietf.org>; Mon, 4 Mar 2024 04:57:52 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 30FF31178144; Sun, 3 Mar 2024 22:57:51 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 301EC1178143 for <ipsec@ietf.org>; Sun, 3 Mar 2024 22:57:51 -0500 (EST)
Date: Sun, 03 Mar 2024 22:57:51 -0500
From: Paul Wouters <paul@nohats.ca>
To: "ipsec@ietf.org WG" <ipsec@ietf.org>
Message-ID: <c030b7ce-148f-0260-2004-6510c287b281@nohats.ca>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/g79HbR4bjJ-5BUc65agLiJpKoaM>
Subject: [IPsec] DELETE_REASON notify (draft-pwouters-ipsecme-delete-info)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2024 03:58:01 -0000
At IETF-118 I presented the issue on reason of deletion. >From the Introduction: The IKEv2 [RFC7296] protocol supports sending a Delete Notify message, but this message cannot convey the reason why a particular Child SA or IKE SA is being deleted. It can be useful to know why a certain IPsec IKE SA or Child SA was deleted by the peer. Sometimes, when the peer's operator notices a specific SA is down, they have no idea whether this is permanent or temporary problem, and have no idea how long an outage might last. The DELETE_REASON Notify message can be added to any exchange that contains a Delete (42) payload specifying an estimated duration and reason. Example reasons are specified in Section 5. The payload defined had a TEXT field that could be used. There was some discussion about the advantage and disadvantage of those with opinions of: 1) enums are clearly specified and good to interop. And less bytes on the wire. 2) enums can't cover everything. 3) Why not both? We can specify text, basically making those enum-like. But then it seems we would still need some kind of registry. If we allow both, we could do an enum registry (eg two octets) followed by text. Although I also fear that if the free flow text is really needed on top of the enum, then the enum system wouldn't really work and we end up using text as defacto enum. So I'm more leaning towards a registy (simple, open First Come First Serve for most entries, maybe reserve the first 1024 for Standards Action). The draft is here: https://datatracker.ietf.org/doc/html/draft-pwouters-ipsecme-delete-info Thoughs? Comments? (dis)agreements ? Paul
- [IPsec] DELETE_REASON notify (draft-pwouters-ipseā¦ Paul Wouters