Re: [IPsec] Survey for WG interest in adoptingdraft-mglt-ipsecme-clone-ike-sa
Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 27 November 2014 13:00 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AACEE1A88F7 for <ipsec@ietfa.amsl.com>; Thu, 27 Nov 2014 05:00:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XLWL3E1Bbtpz for <ipsec@ietfa.amsl.com>; Thu, 27 Nov 2014 05:00:19 -0800 (PST)
Received: from mail-wg0-x232.google.com (mail-wg0-x232.google.com [IPv6:2a00:1450:400c:c00::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AADEE1A88F3 for <ipsec@ietf.org>; Thu, 27 Nov 2014 05:00:18 -0800 (PST)
Received: by mail-wg0-f50.google.com with SMTP id k14so6342539wgh.23 for <ipsec@ietf.org>; Thu, 27 Nov 2014 05:00:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=pVDDwV1mLvGfbfMdi2o+iM8yTb4gbirNJ4xnEdCDlDQ=; b=wlrz80JQ3rKKaLYxMNMSU9TPJopxcX2kuGKEA3EO/ycZXISwhCxybnY/qWj3FSXKP5 olj9K/lNpDynLhfJ0wv9xsYPlwa0M7bErGgiJmLDMy0CaUD2z19EXfSIuAUi5vh/1T8B +tXycfJb5EzIW/Q8iCNB6YvYWpxaytCpTehDpWx9KUZIR5ARbCaR8ntRE7rO3VvYjkRX ptY6KX3JF/XGeMguuSatF6LpxGYZE1jfgeTa1EBwd46Q3exCAa9Y6KRYDbghcxDGBlaH 8G38J+utszhQ7JtMW/ulHVQadpKVIPFytrtod9s8WFRskIljIIoadoYHLrRNG+Qgo9B+ KjEw==
X-Received: by 10.180.103.6 with SMTP id fs6mr34392494wib.11.1417093216814; Thu, 27 Nov 2014 05:00:16 -0800 (PST)
Received: from [10.2.0.130] (93-172-142-150.bb.netvision.net.il. [93.172.142.150]) by mx.google.com with ESMTPSA id l3sm10629606wje.12.2014.11.27.05.00.15 for <multiple recipients> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 27 Nov 2014 05:00:16 -0800 (PST)
Message-ID: <54772059.80805@gmail.com>
Date: Thu, 27 Nov 2014 15:00:09 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: Valery Smyslov <svanru@gmail.com>, Paul Hoffman <paul.hoffman@vpnc.org>, IPsecME WG <ipsec@ietf.org>
References: <FC0E9543-B2FE-48FE-8CBD-D3BDF2AA2B96@vpnc.org> <A8C8555BA51C4BDEBE348A4A6ABF33ED@buildpc>
In-Reply-To: <A8C8555BA51C4BDEBE348A4A6ABF33ED@buildpc>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/rF9G8ufzSYzH7J0x1_yojOk_790
Subject: Re: [IPsec] Survey for WG interest in adoptingdraft-mglt-ipsecme-clone-ike-sa
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Nov 2014 13:00:31 -0000
<hat on: RFC 5723 co-author> Hi Valery, Have you looked at using session resumption (RFC 5723) for this, instead of coming up with a new mechanism? Thanks, Yaron On 11/27/2014 02:56 PM, Valery Smyslov wrote: > Hi all, > > as a co-author of the draft I (obviously) support its adoption. > > I think that the mechanism it describes is useful and could be used > as a building block for several solutions. For example, > it can be used in load-sharing scenario when there are > some gateways with different IP addresses, that share > the same credentials. If client established IKE SA with > any of them then the SA could be cloned and transfered > to other nodes of this cluster without reauthentication, > and the traffic from client then could be balanced > among those gateways. > > Regards, > Valery Smyslov. > > > ----- Original Message ----- From: "Paul Hoffman" <paul.hoffman@vpnc.org> > To: "IPsecME WG" <ipsec@ietf.org> > Sent: Tuesday, November 25, 2014 11:06 PM > Subject: [IPsec] Survey for WG interest in > adoptingdraft-mglt-ipsecme-clone-ike-sa > > >> <chair hats on> >> >> Greetings again. The "Clone IKE SA" proposal tries to optimize IKE SA >> setup in cases where VPN gateways have multiple interfaces and want to >> establish different SAs on the different interfaces without having to >> repeat the IKE authentication. Instead, they could clone a single IKE >> SA multiple times, and then move it to different interfaces using MOBIKE. >> >> If you agree with the need to standardize this usage, and believe that >> draft-mglt-ipsecme-clone-ike-sa is likely to be a good starting place >> for that standardization, and are willing to review and contribute >> text to the document if it is adopted by the WG, please say so on the >> list. This WG has a history of adopting documents but then not having >> enough reviewers for us to feel confident that we are making a good >> standard, so we need to see a reasonable number of actively interested >> people before we adopt the document. If it is not adopted, the authors >> can ask for it to be published as an RFC through individual submission >> or by the Independent Submissions Editor. >> >> Please reply by December 8, 2015. >> >> --Paul Hoffman and Yaron Sheffer >> _______________________________________________ >> IPsec mailing list >> IPsec@ietf.org >> https://www.ietf.org/mailman/listinfo/ipsec > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] Survey for WG interest in adopting draft-… Paul Hoffman
- Re: [IPsec] Survey for WG interest in adoptingdra… Valery Smyslov
- Re: [IPsec] Survey for WG interest in adoptingdra… Yaron Sheffer
- Re: [IPsec] Survey for WG interest in adoptingdra… Valery Smyslov
- Re: [IPsec] Survey for WG interest in adoptingdra… Paul Wouters 🔓
- Re: [IPsec] Survey for WG interest in adoptingdra… Valery Smyslov
- [IPsec] Survey for WG interest in adopting draft-… Tero Kivinen
- Re: [IPsec] Survey for WG interest in adoptingdra… Tero Kivinen
- Re: [IPsec] Survey for WG interest in adopting dr… Yaron Sheffer
- [IPsec] load-sharing and draft-mglt-ipsecme-clone… Michael Richardson
- Re: [IPsec] Survey for WG interest in adopting dr… Daniel Migault
- Re: [IPsec] Survey for WG interest in adoptingdra… Daniel Migault