[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: Re: [IPsec] Fwd: New Version Notification for draft-mrossberg-ipsecme-multiple-sequence-counters-00.
From: Benjamin Schwartz <ietf () bemasc ! net>
Date: 2023-02-28 18:24:32
Message-ID: CAJF-iTQX+5QnsQZ3Fk88D6XTSfbXeXN0ejPtnTrw18f8hxjfvQ () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
A solution to this problem would be very helpful to draft-xu-risav, so I'm
definitely supportive of more work on this.
--Ben Schwartz
On Tue, Feb 28, 2023 at 3:14 AM Steffen Klassert <
steffen.klassert@secunet.com> wrote:
> Hi,
>
> we just published a new informal problem statement draft
> (draft-mrossberg-ipsecme-multiple-sequence-counters-00.txt)
> about ESP sequence number problems when using multiple CPU
> cores, QoS etc.
>
> At the last working group meeting in London, it was quite
> some interest to work on a re-design of ESP to make it fit
> to the multi-cpu case, QoS classes, HW offloads, multipath,
> multicast, etc.
>
> This is a first approach to describe the problems we have
> with the current ESP protocol.
>
> Comments welcome!
>
> Steffen
>
> ----- Forwarded message from internet-drafts@ietf.org -----
>
> Date: Mon, 27 Feb 2023 23:14:14 -0800
> From: internet-drafts@ietf.org
> To: Michael Pfeiffer <michael.pfeiffer@tu-ilmenau.de>, Michael Rossberg <
> michael.rossberg@tu-ilmenau.de>, Steffen Klassert
> <steffen.klassert@secunet.com>
> Subject: New Version Notification for
> draft-mrossberg-ipsecme-multiple-sequence-counters-00.txt
>
>
> A new version of I-D,
> draft-mrossberg-ipsecme-multiple-sequence-counters-00.txt
> has been successfully submitted by Steffen Klassert and posted to the
> IETF repository.
>
> Name: draft-mrossberg-ipsecme-multiple-sequence-counters
> Revision: 00
> Title: Problem statements and uses cases for lightweight Child
> Security Associations
> Document date: 2023-02-27
> Group: Individual Submission
> Pages: 15
> URL:
> https://www.ietf.org/archive/id/draft-mrossberg-ipsecme-multiple-sequence-counters-00.txt
> Status:
> https://datatracker.ietf.org/doc/draft-mrossberg-ipsecme-multiple-sequence-counters/
> Html:
> https://www.ietf.org/archive/id/draft-mrossberg-ipsecme-multiple-sequence-counters-00.html
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-mrossberg-ipsecme-multiple-sequence-counters
>
>
> Abstract:
> IKE SAs may have one or more child SAs that are used for traffic
> protection. This document collects arguments for (and against)
> having more fine-grained sub-child-SAs. They can be used to separate
> data streams for various technical reasons but share the same
> security properties and traffic selectors. This shall allow for a
> more flexible use of IPsec in multiple scenarios.
>
>
>
>
> The IETF Secretariat
>
>
> ----- End forwarded message -----
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
>
[Attachment #5 (text/html)]
<div dir="ltr">A solution to this problem would be very helpful to draft-xu-risav, so \
I'm definitely supportive of more work on \
this.<div></div><div><br></div><div>--Ben Schwartz</div></div><br><div \
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 28, 2023 at 3:14 AM \
Steffen Klassert <<a \
href="mailto:steffen.klassert@secunet.com">steffen.klassert@secunet.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br> <br>
we just published a new informal problem statement draft<br>
(draft-mrossberg-ipsecme-multiple-sequence-counters-00.txt)<br>
about ESP sequence number problems when using multiple CPU<br>
cores, QoS etc.<br>
<br>
At the last working group meeting in London, it was quite<br>
some interest to work on a re-design of ESP to make it fit<br>
to the multi-cpu case, QoS classes, HW offloads, multipath, <br>
multicast, etc.<br>
<br>
This is a first approach to describe the problems we have<br>
with the current ESP protocol.<br>
<br>
Comments welcome!<br>
<br>
Steffen<br>
<br>
----- Forwarded message from <a href="mailto:internet-drafts@ietf.org" \
target="_blank">internet-drafts@ietf.org</a> -----<br> <br>
Date: Mon, 27 Feb 2023 23:14:14 -0800<br>
From: <a href="mailto:internet-drafts@ietf.org" \
target="_blank">internet-drafts@ietf.org</a><br>
To: Michael Pfeiffer <<a href="mailto:michael.pfeiffer@tu-ilmenau.de" \
target="_blank">michael.pfeiffer@tu-ilmenau.de</a>>, Michael Rossberg <<a \
href="mailto:michael.rossberg@tu-ilmenau.de" \
target="_blank">michael.rossberg@tu-ilmenau.de</a>>, Steffen \
Klassert<br>
<<a href="mailto:steffen.klassert@secunet.com" \
target="_blank">steffen.klassert@secunet.com</a>><br>
Subject: New Version Notification for \
draft-mrossberg-ipsecme-multiple-sequence-counters-00.txt<br> <br>
<br>
A new version of I-D, draft-mrossberg-ipsecme-multiple-sequence-counters-00.txt<br>
has been successfully submitted by Steffen Klassert and posted to the<br>
IETF repository.<br>
<br>
Name: draft-mrossberg-ipsecme-multiple-sequence-counters<br>
Revision: 00<br>
Title: Problem statements and uses cases for lightweight Child Security \
Associations<br> Document date: 2023-02-27<br>
Group: Individual Submission<br>
Pages: 15<br>
URL: <a \
href="https://www.ietf.org/archive/id/draft-mrossberg-ipsecme-multiple-sequence-counters-00.txt" \
rel="noreferrer" target="_blank">https://www.ietf.org/archive/id/draft-mrossberg-ipsecme-multiple-sequence-counters-00.txt</a><br>
Status: <a \
href="https://datatracker.ietf.org/doc/draft-mrossberg-ipsecme-multiple-sequence-counters/" \
rel="noreferrer" target="_blank">https://datatracker.ietf.org/doc/draft-mrossberg-ipsecme-multiple-sequence-counters/</a><br>
Html: <a \
href="https://www.ietf.org/archive/id/draft-mrossberg-ipsecme-multiple-sequence-counters-00.html" \
rel="noreferrer" target="_blank">https://www.ietf.org/archive/id/draft-mrossberg-ipsecme-multiple-sequence-counters-00.html</a><br>
Htmlized: <a \
href="https://datatracker.ietf.org/doc/html/draft-mrossberg-ipsecme-multiple-sequence-counters" \
rel="noreferrer" target="_blank">https://datatracker.ietf.org/doc/html/draft-mrossberg-ipsecme-multiple-sequence-counters</a><br>
<br>
<br>
Abstract:<br>
IKE SAs may have one or more child SAs that are used for traffic<br>
protection. This document collects arguments for (and against)<br>
having more fine-grained sub-child-SAs. They can be used to separate<br>
data streams for various technical reasons but share the same<br>
security properties and traffic selectors. This shall allow for a<br>
more flexible use of IPsec in multiple scenarios.<br>
<br>
<br>
<br>
<br>
The IETF Secretariat<br>
<br>
<br>
----- End forwarded message -----<br>
<br>
_______________________________________________<br>
IPsec mailing list<br>
<a href="mailto:IPsec@ietf.org" target="_blank">IPsec@ietf.org</a><br>
<a href="https://www.ietf.org/mailman/listinfo/ipsec" rel="noreferrer" \
target="_blank">https://www.ietf.org/mailman/listinfo/ipsec</a><br> \
</blockquote></div>
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic