Re: [IPsec] Ensuring future extensibility for WESP
"Grewal, Ken" <ken.grewal@intel.com> Fri, 20 November 2009 17:05 UTC
Return-Path: <ken.grewal@intel.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 242B53A6A58 for <ipsec@core3.amsl.com>; Fri, 20 Nov 2009 09:05:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.998
X-Spam-Level:
X-Spam-Status: No, score=-5.998 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_37=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N868g3hLx4fC for <ipsec@core3.amsl.com>; Fri, 20 Nov 2009 09:05:30 -0800 (PST)
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by core3.amsl.com (Postfix) with ESMTP id B9C913A689E for <ipsec@ietf.org>; Fri, 20 Nov 2009 09:05:30 -0800 (PST)
Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga102.jf.intel.com with ESMTP; 20 Nov 2009 08:50:36 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos; i="4.44,778,1249282800"; d="scan'208,217"; a="571537605"
Received: from rrsmsx604.amr.corp.intel.com ([10.31.0.170]) by orsmga001.jf.intel.com with ESMTP; 20 Nov 2009 09:05:18 -0800
Received: from rrsmsx505.amr.corp.intel.com ([10.31.0.36]) by rrsmsx604.amr.corp.intel.com ([10.31.0.170]) with mapi; Fri, 20 Nov 2009 10:05:27 -0700
From: "Grewal, Ken" <ken.grewal@intel.com>
To: Yaron Sheffer <yaronf@checkpoint.com>, IPsecme WG <ipsec@ietf.org>
Date: Fri, 20 Nov 2009 10:04:04 -0700
Thread-Topic: Ensuring future extensibility for WESP
Thread-Index: AcpoFSLc1kth/nrBQ1azCQhwolsjHAB7bc5Q
Message-ID: <C49B4B6450D9AA48AB99694D2EB0A483382B3294@rrsmsx505.amr.corp.intel.com>
References: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDF888ABAF@il-ex01.ad.checkpoint.com>
In-Reply-To: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDF888ABAF@il-ex01.ad.checkpoint.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_C49B4B6450D9AA48AB99694D2EB0A483382B3294rrsmsx505amrcor_"
MIME-Version: 1.0
Subject: Re: [IPsec] Ensuring future extensibility for WESP
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Nov 2009 17:05:34 -0000
I support this change to ensure future compatibility with the base draft. As Yaron indicates, the extension header size is as per the current draft and we are just adding some semantics to the pad field. There is also minimal textual change in the document. Thanks, - Ken From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf Of Yaron Sheffer Sent: Tuesday, November 17, 2009 11:30 PM To: IPsecme WG Subject: [IPsec] Ensuring future extensibility for WESP Hi, The recent draft on extending WESP which was presented in Hiroshima, explains why the current WESP is *not* extensible, and we would need a new version number if we are to add any extensions in the future. It is up to the WG to decide whether or not we want to adopt the draft, given that many people were skeptical about the specific extensions proposed. But regardless of that, it would be a mistake to publish WESP today with no facility for extensibility. After consulting with Pasi (the draft is at a very late stage, having been through IESG review), I would like to make a simple proposal to add this extensibility, with (almost) no change to the current draft. This will leave us with future options, at virtually no cost. I am basically just changing the semantics of the Padding field. Specifically: 1. Rename IPv6Padding to "Padding (Reserved for Future Use)", and allow it to be any length <256, subject to the IPv4 and IPv6 alignment constraints. 2. If P=1 (Padding Present flag), the first octet of the Padding field will hold the padding's length. [Hardware implementations can check that it is 4 for IPv6, otherwise move the packet to the slow path]. All other Padding octets are sent as zero, and ignored by the receiver. Note that there are barely any changes on the wire, as long as we don't have extensions. In particular the length remains unchanged. Thanks, Yaron
- [IPsec] Ensuring future extensibility for WESP Yaron Sheffer
- Re: [IPsec] Ensuring future extensibility for WESP Bhatia, Manav (Manav)
- Re: [IPsec] Ensuring future extensibility for WESP Grewal, Ken
- Re: [IPsec] Ensuring future extensibility for WESP Jack Kohn
- Re: [IPsec] Ensuring future extensibility for WESP Min Huang
- Re: [IPsec] Ensuring future extensibility for WESP Yaron Sheffer