IETF Logo Mail Archive

Re: [IPsec] New Version Notification for draft-smyslov-ipsecme-ikev2-compression-00.txt

Tommy Pauly <tpauly@apple.com> Tue, 12 January 2016 16:27 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A993F1B2B39 for <ipsec@ietfa.amsl.com>; Tue, 12 Jan 2016 08:27:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Level:
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2bJvWzX35xVb for <ipsec@ietfa.amsl.com>; Tue, 12 Jan 2016 08:27:52 -0800 (PST)
Received: from mail-in4.apple.com (mail-out4.apple.com [17.151.62.26]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20D771B2AB0 for <ipsec@ietf.org>; Tue, 12 Jan 2016 08:27:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1452616046; x=2316529646; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-transfer-encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=jFt8qu3CPJ0gOkGjZbcSkXuRt2l4C5EvikKYTZICU80=; b=r3QHhKY6fMDufEGgYbs6bYhhgP3UKs9XCHzEbCdQk1o9Yb0t4lgqJk1SIiGfKNG5 lTM3WAfZN+bP5+zEwsH+Cm4Ms6znm/Sc7OOhBrcE1qwd9zE4hs0p+P1NGQf4dLvH T0lptIjuwzLODNQQfuv10I6OHdxr3M4KPV2c8t2uO4HQvPvrl70io5ty0ch8ximN NYg5NPiFP/qgmwlqDF7ZzJl1rQpO5oa8pdNEdW6FUWRfsrfEXRoh6qLlyAiYpS5N ubHlARhKCoCevffd8AA/83WgKrS1DEwpR8gm2vPPXUtb1ifhsfl56wyLyAqBUBnr CUtYHYZiz8hsqnVlI1wrhg==;
Received: from relay2.apple.com (relay2.apple.com [17.128.113.67]) by mail-in4.apple.com (Apple Secure Mail Relay) with SMTP id 30.A4.03960.D6925965; Tue, 12 Jan 2016 08:27:26 -0800 (PST)
X-AuditID: 11973e12-f796d6d000000f78-25-5695296e3808
Received: from fenugreek.apple.com (fenugreek.apple.com [17.128.115.97]) (using TLS with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by relay2.apple.com (Apple SCV relay) with SMTP id BD.A9.03545.C6925965; Tue, 12 Jan 2016 08:27:25 -0800 (PST)
Received: from [17.153.87.155] (unknown [17.153.87.155]) by fenugreek.apple.com (Oracle Communications Messaging Server 7.0.5.35.0 64bit (built Mar 31 2015)) with ESMTPSA id <0O0U008NBLPNWM40@fenugreek.apple.com> for ipsec@ietf.org; Tue, 12 Jan 2016 08:27:24 -0800 (PST)
Sender: tpauly@apple.com
Content-type: text/plain; charset="utf-8"
MIME-version: 1.0 (Mac OS X Mail 10.0 \(3159\))
From: Tommy Pauly <tpauly@apple.com>
In-reply-to: <22163.54776.641819.67931@fireball.acr.fi>
Date: Tue, 12 Jan 2016 08:27:30 -0800
Content-transfer-encoding: quoted-printable
Message-id: <4C042BBC-C27F-4B87-8EB5-56862B309A63@apple.com>
References: <7A83C993003E493EB2E895E2B8CFEC61@buildpc> <DC3EFDC3-3482-4DDD-AE06-27E24FB6F5C5@gmail.com> <22163.54776.641819.67931@fireball.acr.fi>
To: Valery Smyslov <svanru@gmail.com>
X-Mailer: Apple Mail (2.3159)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrLLMWRmVeSWpSXmKPExsUi2FDorJunOTXMYFOHjsX+LS/YHBg9liz5 yRTAGMVlk5Kak1mWWqRvl8CVceniP8aCG0IVj04cZm9gXMzfxcjJISFgIvH+yX1GCFtM4sK9 9WxdjFwcQgJ7GSVmT77EBFP07eUJRojEPCaJK6u72SGcaUwS/848Yu5i5OAQFpCQ2LwnEcRk FlCXmDIlF6SXV0BfYtXDPSwgtrBAkkTvi7usIDabgIrE8W8bmEFsTgFziVk7foDVsAioSrzb MAksziyQILH12RpWCFtb4sm7C6wQM20k3m/eyAJ1AqNE0+TD7CAJEaDmm9t+MkMcLSsx60M/ M0iRhMASNonV22axTWAUmYVw3ywk981CsmMBI/MqRqHcxMwc3cw8E73EgoKcVL3k/NxNjKDw nm4ntIPx1CqrQ4wCHIxKPLwZ7FPChFgTy4orcw8xSnOwKInzbngyKUxIID2xJDU7NbUgtSi+ qDQntfgQIxMHp1QDY4LbwlcGlye2K4ckMSnqHjgc1W/MXdpvFvJOzHyur4IV86/wLTMCDlhp 8dUJy0f3JsffeWmzsm11LGvj9gXzNAVdwybzv+ZRXmq1Sv/O6/tfN+89av58bpmPQutXuVXs 83SXTfv2YONMfyWN2X/fSqX9KFr+rmM5h8FFjg0nPBz/fn+a6vE+TomlOCPRUIu5qDgRADF5 uytQAgAA
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrBLMWRmVeSWpSXmKPExsUi2FCcqJurOTXMYNNZJov9W16wOTB6LFny kymAMYrLJiU1J7MstUjfLoEr49LFf4wFN4QqHp04zN7AuJi/i5GTQ0LAROLbyxOMELaYxIV7 69m6GLk4hATmMUlcWd3NDuFMY5L4d+YRcxcjB4ewgITE5j2JICazgLrElCm5IL28AvoSqx7u YQGxhQWSJHpf3GUFsdkEVCSOf9vADGJzCphLzNrxA6yGRUBV4t2GSWBxZoEEia3P1rBC2NoS T95dYIWYaSPxfvNGFqgTGCWaJh9mB0mIADXf3PaTGeJoWYlZH/qZJzAKzkI4aRaSk2YhGbuA kXkVo0BRak5ipZFeYkFBTqpecn7uJkZwOBY672A8tszqEKMAB6MSD28G+5QwIdbEsuLK3EOM EhzMSiK8v1WnhgnxpiRWVqUW5ccXleakFh9iTAZ6ZiKzlGhyPjBW8kriDU1MDEyMjc2Mjc1N zEkTVhLnPSbZEyYkkJ5YkpqdmlqQWgSzhYmDU6qBcUtHdnrG77mMCoUNM/9MiC+6F3/16D8j /jl/VJO3TcrLuHSG/0loUrQU08uem47MeY+WnnvIcyBlp1fSQqELXiJCu1/fXhsQ/y3FIPKT zVbheUIPenzmPYx6Xyyl7lV4lr8tvbHS5vftDpXyysMTLI1v92YdmnSqfb7QT6PGAy5xLWIz H0udVWIpzkg01GIuKk4EALcS8ICLAgAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/xo0B4-77dURteNG1iuPeUpjRXW0>
Cc: IPsecME WG <ipsec@ietf.org>, Tero Kivinen <kivinen@iki.fi>, Yoav Nir <ynir.ietf@gmail.com>
Subject: Re: [IPsec] New Version Notification for draft-smyslov-ipsecme-ikev2-compression-00.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jan 2016 16:27:54 -0000

> On Jan 11, 2016, at 8:19 AM, Tero Kivinen <kivinen@iki.fi> wrote:
> 
> Yoav Nir writes:
>> Second, as I understand it, those battery-powered devices tend to
>> use 802.15.4 networks with 127-byte frames. There’s 6LoWPAN to
>> provide fragmentation support, but that’s similar to using IKE’s
>> fragmentation for the same issue. Can anything be done at all with
>> 127-byte frames, that include the (IPv6?) headers, the 8-byte UDP
>> header, the 20-byte IKEv2 header in addition to all the payload
>> headers? If we need fragmentation anyway, I don’t know if
>> compression matters. 
> 
> 802.15.4 networks also have 802.15.9, which will provide its own
> fragmentation and reassembly for the IKEv2 frames (not including IP or
> UDP headers, as those are not used, this is raw IKEv2 frames over raw
> 802.15.4 frames).
> 
> In those environments the IKEv2 is used to negotiate link keys between
> two devices. The payloads are already quite compacted, i.e. there will
> not be several proposals for ciphers, only one, and all extra payloads
> are omitted anyways. 

Tero’s comments seem to confirm the idea that constrained devices will generally be using a small set of proposals, and thus do not need compression. 

The document referred to in the draft as IPSEC-IOT-REQS, draft-mglt-6lo-diet-esp-requirements-01, recommends essentially one algorithm for the Child SA algorithm (AES-CCM), so it may be safe to assume that IoT devices could converge to a small set of IKE SA algorithms to standardly use. And, while this document does recommend compression for ESP packets, I can see more of an argument being made for compressing ESP traffic (which may be many packets) than for compressing the IKE_SA_INIT packet, which is already a one-time-cost small packet.

Valery, do you have specific real-world examples of IKE_SA_INIT packets that are being used by IoT devices that get a benefit from this compression? Without this, it seems that adding compression to IKE would add a fair amount of complexity to optimize a packet that is already fairly inexpensive to send.

Thanks,
Tommy

> -- 
> kivinen@iki.fi
> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec

v2.23.0 | Report a Bug | By Email