Re: [IPsec] I-D Action: draft-ietf-ipsecme-g-ikev2-01.txt

Valery Smyslov <smyslov.ietf@gmail.com> Mon, 13 July 2020 07:56 UTC


Hi,

The -01 version of the G-IKEv2 protocol has a lot of changes compared to -00.
After some discussion among the authors, the draft has received
some conceptual changes.

1. The protocol is now considered more like an IKEv2 extension
     (although a complex one) than like a new protocol based on the IKEv2 wire format.
     So it is made closer to IKEv2 by re-using as many IKEv2 structures
     as possible. This approach required the introduction of new IKEv2
     transforms to be able to follow the IKEv2 approach of defining SA parameters.
     The protocol now re-uses the IKEv2 IANA registry instead of defining its own.
2. Based on this approach, the wire format is simplified and unified.
     It is no longer compatible with previous versions of the draft;
     however, the changes are made in such a way that it is always possible to
     distinguish between old and new formats.
3. The way SA keys are distributed is changed so that all keys are
     always transferred in encrypted form (even inside the SA).
     The key distribution is performed in such a way that for the GM
     the algorithm of obtaining the keys doesn't change when
     the GCKS implements more complex group key management
     schemes, like LKH.

A lot of clarifications were added to eliminate possible ambiguities.

We solicit reviews of the new version and discussions of these changes.

Regards,
Valery (for the authors).


> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the IP Security Maintenance and Extensions WG of the IETF.
> 
>         Title           : Group Key Management using IKEv2
>         Authors         : Valery Smyslov
>                           Brian Weis
>         Filename        : draft-ietf-ipsecme-g-ikev2-01.txt
>         Pages           : 59
>         Date            : 2020-07-12
> 
> Abstract:
>    This document presents an extension to the Internet Key Exchange
>    version 2 (IKEv2) protocol for the purpose of a group key management.
>    The protocol is in conformance with the Multicast Security (MSEC) key
>    management architecture, which contains two components: member
>    registration and group rekeying.  Both components require a Group
>    Controller/Key Server to download IPsec group security associations
>    to authorized members of a group.  The group members then exchange IP
>    multicast or other group traffic as IPsec packets.  This document
>    obsoletes RFC 6407.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-g-ikev2/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-ipsecme-g-ikev2-01
> https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-g-ikev2-01
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-g-ikev2-01
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 