IETF Logo Mail Archive

Re: [IPsec] Virtual interim about re-designing ESP?

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 22 November 2022 18:29 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C578C14F74F for <ipsec@ietfa.amsl.com>; Tue, 22 Nov 2022 10:29:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jC_XTUoWN4Ho for <ipsec@ietfa.amsl.com>; Tue, 22 Nov 2022 10:29:13 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88B1FC14F736 for <ipsec@ietf.org>; Tue, 22 Nov 2022 10:29:13 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 72BAD1800D; Tue, 22 Nov 2022 13:54:49 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 988Ern3qw2Zm; Tue, 22 Nov 2022 13:54:48 -0500 (EST)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id B0B5E1800C; Tue, 22 Nov 2022 13:54:48 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1669143288; bh=rYL5QXfYawTooNEzB6qU0wEoULkmXlYk6CgC9y+arGY=; h=From:To:Subject:In-Reply-To:References:Date:From; b=B3DwfLObTGpqz4NLkXrVPqtd2EuUSvJo+0OCLwIyak6ZgSKVf4ZXNVSvpIrQBqNS+ wOipU+0qFkgMHDEA9h8NSkyJEA1Ku/DlACwf2RO2gtblmmP5Tk9chLgQWUvHX4LaeV nN2LfPjujuQVulAYfN6YVJv/z80A8A8ft7SAKlNeMpSIBxbNHUZdlocNhqBvaStsfn LU/6m52FHgIKTHG91d4ayMl1FJwBxdW5G0gg1PIoQ5s1X0WqK5e8GEgrdgBMwlOPPW +M8SSJxPjhIbzf2axImAWB1v+97ayuhPGdqIgcB4UoWPomXPthJYFTNAySCxKvZxwW KJ8grrAx401yw==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id EBB3E1FD; Tue, 22 Nov 2022 13:29:11 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Steffen Klassert <steffen.klassert@secunet.com>, ipsec@ietf.org
In-Reply-To: <20221121124714.GA704954@gauss3.secunet.de>
References: <20221121124714.GA704954@gauss3.secunet.de>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 27.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 22 Nov 2022 13:29:11 -0500
Message-ID: <14252.1669141751@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/ux00sk0xf-hPKDieQpc7Juu-d-w>
Subject: Re: [IPsec] Virtual interim about re-designing ESP?
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2022 18:29:17 -0000

Steffen Klassert <steffen.klassert@secunet.com> wrote:
    > at the last working group meeting in London, it was quite some interest
    > to work on a re-design of ESP to make it fit to the multi-cpu case, QoS
    > classes, HW offloads etc.

I agree with your idea in the subject, of a virtual interim on this.

    > https://www.ietf.org/archive/id/draft-ponchon-ipsecme-anti-replay-subspaces-00.txt

While there is a problem space section in this document, I found it a bit inadequate.
I think that it is important to collect all of the challenges into a single
set of goals.

    > The Google PSP Security Protocol (PSP) is another new 'ESP like'
    > protocol. There is some interest to standardize PSP, so the issues that
    > are solved there should also be considered when designing a new ESP
    > version. Most concepts that are used in PSP are taken from IPsec ESP,
    > so IMO this should be integrated into the IPsec protocol suite.

It would be great to have the problems/challenges that this aims to solve, as
well as the RAVSI concepts there too.

    > - What are the problems to solve?

Let's get consensus on this aspect first.  Maybe there are things that we
might agree are out-of-scope, or are really implementation specific issues.
That might mean a document be written, and the WG do a consensus call.

    > - How should the problems be solved?
    > Please let me know if there is interest,

Thank you for bringing this up.


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email