[Lwip] draft-ietf-lwig-minimal-esp shepherd writeup

Mohit Sethi M <mohit.m.sethi@ericsson.com> Sat, 20 March 2021 09:12 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: "lwip@ietf.org" <lwip@ietf.org>, "ipsec@ietf.org" <ipsec@ietf.org>
Date: Sat, 20 Mar 2021 09:11:56 +0000
Message-ID: <67654664-717b-1017-707b-0b4dfde52d24@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/MCaSzWnyHpUvn0TmGqQjwm4BicQ>

I am now preparing the shepherd writeup for draft-ietf-lwig-minimal-esp. I wanted to clarify and double-check a few things:

- If the SPI is not random and is chosen by some application-specific method -> it can reveal the application using ESP.

- I assume a resource-constrained device would not have many inbound connections. Would it make sense to generate a byte of randomness instead of the entire 32-bit SPI? At least some APIs allow asking for a byte of randomness (randomByte()). This is assuming an upper limit on the number of inbound connections.

- When sequence numbers are time -> won't it reveal the time at which the packet was sent?

- Are we comfortable with the recommendation: 'A node MAY drop anti-replay protection provided by IPsec, and instead implement its own internal mechanism.'? What might this internal mechanism look like?

A few typos:

-----

Section 3:

Please expand SAD on first usage.

Section 4:

Typo: In a constrainted environment -> In a constrained environment

I looked at old RFCs and they seem to use both crypto-suite and cryptosuite. I have a preference for the latter. Perhaps we can remove the hyphen.

-----

--Mohit
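As an added illustration of the one-random-byte SPI idea raised in the mail (example code written here, not from the draft or from the author): an inbound SPI is built from a single random byte, kept out of the SPI range that RFC 4303 reserves (1..255 for IANA, 0 for local use), and checked for uniqueness against the node's own small table of inbound SAs with bounded retries. MAX_INBOUND_SA, the helper names and the deterministic demo byte stream are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Added example, not from the draft or the mail: build an inbound SPI from one
 * random byte for a node with a small, bounded number of inbound SAs. RFC 4303
 * reserves SPI 1..255 for IANA and 0 for local use, so the byte goes into the
 * top octet rather than being used as the SPI directly. An SPI need only be
 * unique among this node's own inbound SAs, so allocation checks the local
 * table and retries. MAX_INBOUND_SA and the demo byte stream are assumptions. */
#define MAX_INBOUND_SA 8      /* assumed upper bound on inbound SAs */
#define SPI_RESERVED_MAX 255u /* RFC 4303: 1..255 reserved, 0 = "no SPI" */
typedef uint8_t (*rand_byte_fn)(void *ctx);

/* One random byte -> 32-bit SPI outside the reserved range; the fixed
 * 0x00010000 bit keeps b == 0 from producing SPI 0. */
static uint32_t spi_from_byte(uint8_t b) { return ((uint32_t)b << 24) | 0x00010000u; }

static bool spi_in_use(const uint32_t *sas, size_t n, uint32_t spi) {
    for (size_t i = 0; i < n; i++)
        if (sas[i] == spi) return true;
    return false;
}

/* Allocate a new inbound SPI and record it in sas[]. Returns 0 when the table
 * is full or no unused value turned up after a bounded number of draws. */
uint32_t alloc_inbound_spi(uint32_t *sas, size_t *n, rand_byte_fn rb, void *ctx) {
    if (*n >= MAX_INBOUND_SA) return 0;
    for (int tries = 0; tries < 16; tries++) {
        uint32_t spi = spi_from_byte(rb(ctx));
        if (spi > SPI_RESERVED_MAX && !spi_in_use(sas, *n, spi)) {
            sas[(*n)++] = spi;
            return spi;
        }
    }
    return 0;
}

/* Constructed, deterministic byte stream standing in for the node's RNG;
 * the repeated 0x2a exercises the clash-and-retry path. */
typedef struct { size_t pos; } demo_ctx;
static const uint8_t demo_bytes[] = {0x2a, 0x2a, 0x00, 0x7f};
static uint8_t demo_rand_byte(void *p) {
    demo_ctx *c = p;
    return demo_bytes[c->pos++ % sizeof demo_bytes];
}

/* Allocate three SPIs from the demo stream; returns how many succeeded. */
size_t demo_run(uint32_t out[3]) {
    uint32_t sas[MAX_INBOUND_SA]; size_t n = 0; demo_ctx c = {0};
    for (int i = 0; i < 3; i++) out[i] = alloc_inbound_spi(sas, &n, demo_rand_byte, &c);
    return n;
}
```

Note that the lower 24 bits are then constant across all of the node's SAs, which is the same kind of implementation fingerprint the non-random-SPI point above is concerned with, so the remaining octets should still be randomised whenever the RNG budget allows.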