[IPsec] GDOI and G-IKEv2 payloads

"Fries, Steffen" <steffen.fries@siemens.com> Mon, 05 February 2024 04:06 UTC

From: "Fries, Steffen" <steffen.fries@siemens.com>
To: "ipsec@ietf.org WG" <ipsec@ietf.org>
Date: Mon, 05 Feb 2024 04:06:11 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/txKUqLerjaoPdB1bZTyDOvrGGqI>

Hi,

I've got a question regarding the relation of G-IKEv2 and GDOI.

I realized that G-IKEv2 will be the successor of GDOI and would have a question regarding backward compatibility of payloads defined for GDOI. As the underlying exchanges for the base key management changed from IKE to IKEv2, they will not be backward compatible. Nevertheless, there have been enhancements of GDOI for protocols used in the power system domain like GOOSE and Sampled Values, which led to the definition of new payloads for the ID, SA TEK and KD payloads to accommodate the power system protocol parameters in RFC 8052. Likewise, using the same approach, new payloads of the same types have been defined to distribute parameters for PTP (Precision Time Protocol) in IEC 62351-9.

In general, I realized that there are similar payloads available in G-IKEv2, but I was not quite sure if it was a design criterion to have backward compatibility for extensions/enhancements defined for GDOI to be usable also in G-IKEv2. Could you please shed some light on this?

Best regards
Steffen

--
Steffen Fries

Siemens AG
Technology
Cybersecurity & Trust
T CST
Otto-Hahn-Ring 6
81739 Munich, Germany
Phone: +49 (89) 7805-22928
mailto:steffen.fries@siemens.com
www.siemens.com