[IPsec] Maximum sizes of IKEv2 messages and UDP messages ?

"Dang, Quynh H. (Fed)" <quynh.dang@nist.gov> Wed, 17 June 2020 13:49 UTC

Hi everyone,

I am interested in knowing what are typical maximum sizes for IKEv2 messages and UDP messages in implementations.

The reason is that the IKEv2 spec has a must and a should being 1280 and 3000 bytes respectively for IKEv2 messages, but does not have a maximum limit.

As you know, some of the post-quantum cryptographic candidates in our standardization process have large or very large public key, signature and/or ciphertext sizes.

My guess is that some updates to the spec and/or implementations would make them work.

Your data points and discussions are appreciated.

Regards,
Quynh.