Re: [IPsec] I-D Action: draft-pan-ipsecme-anti-replay-notification-00.txt

"Panwei (William)" <william.panwei@huawei.com> Tue, 05 March 2024 08:37 UTC

From: "Panwei (William)" <william.panwei@huawei.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Thread-Topic: I-D Action: draft-pan-ipsecme-anti-replay-notification-00.txt
Thread-Index: AQHabgRUMaECB4wPCEWfqcAJZahjubEozc0A
Date: Tue, 05 Mar 2024 08:37:04 +0000
Message-ID: <e17338d135544cd9b2a0b12e62e04536@huawei.com>
References: <170953673832.2959.758620815937504395@ietfa.amsl.com>
In-Reply-To: <170953673832.2959.758620815937504395@ietfa.amsl.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/weEqpR_Ke0_t31JEcObKEEevzCQ>
Subject: Re: [IPsec] I-D Action: draft-pan-ipsecme-anti-replay-notification-00.txt

Hi folks,

As a follow-up to the previous discussion about the ESN and anti-replay entanglement problem, we've prepared a draft: https://datatracker.ietf.org/doc/draft-pan-ipsecme-anti-replay-notification/

The current draft mainly wants to highlight the problem.
It also gives a preliminary solution of adding an anti-replay status notification in IKEv2 to fulfill the requirement in RFC 4302 and RFC 4303.
Whether to unbind ESN from anti-replay needs more discussion and feedback, and can be added to the draft in the future if people want.

Comments and reviews are more than welcome.

Regards & Thanks!
Wei PAN (潘伟)

-----Original Message-----
From: I-D-Announce <i-d-announce-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Monday, March 4, 2024 3:19 PM
To: i-d-announce@ietf.org
Subject: I-D Action: draft-pan-ipsecme-anti-replay-notification-00.txt

Internet-Draft draft-pan-ipsecme-anti-replay-notification-00.txt is now available.

   Title:   IKEv2 Support for Anti-Replay Status Notification
   Authors: Wei Pan
            Qi He
            Paul Wouters
   Name:    draft-pan-ipsecme-anti-replay-notification-00.txt
   Pages:   7
   Dates:   2024-03-03

Abstract:

   RFC 4302 and RFC 4303 specify that, during Security Association (SA)
   establishment, an IPsec implementation should notify the peer if it will
   not provide anti-replay protection, to avoid having the peer do
   unnecessary sequence number monitoring and SA setup.

   This document defines the ANTI_REPLAY_STATUS Notify Message Status
   Type Payload in the Internet Key Exchange Protocol Version 2 (IKEv2)
   to inform the peers of their own anti-replay status when creating the
   IPsec SAs, to fulfill the above requirement.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-pan-ipsecme-anti-replay-notification/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-pan-ipsecme-anti-replay-notification-00.html

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts


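The "entanglement" the thread refers to is visible in the receiver-side bookkeeping that RFC 4303 Appendix A describes: with Extended Sequence Numbers only the low 32 bits travel on the wire, the high 32 bits are recovered from the position of the anti-replay window, and those recovered bits are fed into the ICV check. A receiver that switches anti-replay off therefore still has to track the highest sequence number seen. The following is an added worked example written for this page, not code from the draft, from RFC 4303 or from any IPsec implementation. It assumes a toy ICV (truncated HMAC-SHA-256 over the low sequence bits, the payload and the implicit high-order bits; real ESP authenticates more fields), a constructed key, and a constructed packet trace that starts on an SA which has already carried almost 2^32 packets.

```python
"""ESP receiver with 64-bit Extended Sequence Numbers and a sliding anti-replay
window, following the high-order-bit estimation of RFC 4303 Appendix A2.2.
Constructed example; the ICV, key and traffic below are illustrative only."""
import hashlib
import hmac
from dataclasses import dataclass

MASK32 = (1 << 32) - 1
ICV_LEN = 16  # truncated MAC, illustration only


def esp_icv(key: bytes, seql: int, payload: bytes, seqh: int) -> bytes:
    """Toy ICV: the high-order ESN bits are never transmitted but are part of the
    authenticated data (RFC 4303 section 2.2.1), so a wrong Seqh fails the ICV."""
    data = seql.to_bytes(4, "big") + payload + seqh.to_bytes(4, "big")
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def esp_send(key: bytes, seq64: int, payload: bytes) -> tuple[int, bytes, bytes]:
    """Sender: only the low 32 bits of the 64-bit ESN go on the wire."""
    seql, seqh = seq64 & MASK32, seq64 >> 32
    return seql, payload, esp_icv(key, seql, payload, seqh)


@dataclass
class EsnReceiver:
    key: bytes
    window_size: int = 64      # W
    anti_replay: bool = True   # False models a receiver that will not check replays
    highest: int = 0           # T: highest 64-bit seq whose ICV verified
    bitmap: int = 1            # bit i set => T - i already seen (seq 0 is never valid)

    def estimate_esn(self, seql: int) -> int:
        """Pick Seqh so the packet lands in or closest to the window (RFC 4303 A2.2).
        Needed even when anti-replay is disabled, which is the entanglement."""
        tl, th, w = self.highest & MASK32, self.highest >> 32, self.window_size
        bottom = (tl - w + 1) & MASK32        # B: low 32 bits of the window bottom
        if tl >= w - 1:                       # case A: window does not wrap
            seqh = th if seql >= bottom else th + 1
        else:                                 # case B: window straddles 2^32
            seqh = th - 1 if seql >= bottom else th
        return (seqh << 32) | seql            # negative means "before SA start"

    def receive(self, seql: int, payload: bytes, icv: bytes) -> tuple[bool, str]:
        seq = self.estimate_esn(seql)
        if seq < 0:
            return False, "before SA start"
        w = self.window_size
        if self.anti_replay:
            if seq <= self.highest - w:
                return False, "below window"
            if seq <= self.highest and (self.bitmap >> (self.highest - seq)) & 1:
                return False, "replay"
        # The ICV is verified with the *estimated* Seqh, so the receiver cannot
        # stop tracking sequence numbers just because anti-replay is off.
        if not hmac.compare_digest(icv, esp_icv(self.key, seql, payload, seq >> 32)):
            return False, "bad ICV"
        if seq > self.highest:                # advance the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << w) - 1)
            self.highest = seq
        elif self.highest - seq < w:          # late packet inside the window
            self.bitmap |= 1 << (self.highest - seq)
        return True, "accepted"


def demo(anti_replay: bool) -> list[str]:
    """Constructed trace: the SA crosses the 2^32 boundary, then sees a replay from
    inside the window and a replay of an ancient packet whose low 32 bits now
    look like they are ahead of the window."""
    key = b"constructed demo key, not a real SA key"
    rx = EsnReceiver(key=key, anti_replay=anti_replay, highest=(1 << 32) - 3)
    trace = [(1 << 32) - 2, (1 << 32) - 1, 1 << 32, (1 << 32) + 1,
             (1 << 32) - 1,  # replay of a packet still inside the window
             (1 << 32) + 3,
             5]              # ancient packet: seql=5 is read as 2^32+5 now
    return [rx.receive(*esp_send(key, s, b"payload"))[1] for s in trace]


if __name__ == "__main__":
    print("anti-replay on: ", demo(True))
    print("anti-replay off:", demo(False))
```

With anti-replay on, the in-window replay is caught by the bitmap and the ancient packet is caught by the ICV because its high-order bits no longer match. With anti-replay off, the in-window replay is accepted, but the receiver still had to run `estimate_esn` on every packet to verify any ICV at all, and the ancient packet is still rejected by the ICV; that is the residual sequence-number tracking a receiver cannot drop while ESN is in use.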