[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: [IPsec] TR: New Version Notification for draft-ponchon-ipsecme-anti-replay-subspaces-03.txt
From: "Paul Ponchon \(pponchon\)" <pponchon=40cisco.com () dmarc ! ietf ! org>
Date: 2023-10-23 11:42:36
Message-ID: DM6PR11MB4531423A2130D5706ACFA66DCBD8A () DM6PR11MB4531 ! namprd11 ! prod ! outlook ! com
[Download RAW message or body]
Hi,
We’ve submitted an updated revision of draft-ponchon-ipsecme-anti-replay-subspaces. \
We’ve modified the IKE transform for the negotiation of the requested and supported \
number of subspaces. Thanks to everyone who shared feedback already. We welcome more \
input on the revised draft.
Paul
De : internet-drafts@ietf.org <internet-drafts@ietf.org>
Date : lundi, 23 octobre 2023 à 12:33
À : Guillaume Solignac (gsoligna) <gsoligna@cisco.com>, Hadi Dernaika \
<hbd05@mail.aub.edu>, Mohsin Shaikh (mohsisha) <mohsisha@cisco.com>, Paul Ponchon \
(pponchon) <pponchon@cisco.com>, Pierre Pfister (ppfister) <ppfister@cisco.com> Objet \
: New Version Notification for draft-ponchon-ipsecme-anti-replay-subspaces-03.txt A \
new version of Internet-Draft draft-ponchon-ipsecme-anti-replay-subspaces-03.txt has \
been successfully submitted by Paul Ponchon and posted to the
IETF repository.
Name: draft-ponchon-ipsecme-anti-replay-subspaces
Revision: 03
Title: IPsec and IKE anti-replay sequence number subspaces for traffic-engineered \
paths and multi-core processing
Date: 2023-10-23
Group: Individual Submission
Pages: 13
URL: https://www.ietf.org/archive/id/draft-ponchon-ipsecme-anti-replay-subspaces-03.txt
Status: https://datatracker.ietf.org/doc/draft-ponchon-ipsecme-anti-replay-subspaces/
HTMLized: https://datatracker.ietf.org/doc/html/draft-ponchon-ipsecme-anti-replay-subspaces
Diff: https://author-tools.ietf.org/iddiff?url2=draft-ponchon-ipsecme-anti-replay-subspaces-03
Abstract:
This document discusses the challenges of running IPsec with anti-
replay in multi-core environments where packets may be re-ordered
(e.g., when sent over multiple IP paths, traffic-engineered paths
and/or using different QoS classes). A new solution based on
splitting the anti-replay sequence number space into multiple
different sequencing subspaces is proposed. Since this solution
requires support on both parties, an IKE extension is proposed in
order to negotiate the use of the anti-replay sequence number
subspaces.
The IETF Secretariat
[Attachment #3 (text/html)]
<html xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="FR" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" \
style="font-size:11.0pt;mso-fareast-language:EN-US">Hi,<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" \
style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" \
style="font-size:11.0pt;mso-fareast-language:EN-US">We’ve submitted an updated \
revision of draft-ponchon-ipsecme-anti-replay-subspaces. We’ve modified the IKE \
transform for the negotiation of the requested and supported number of \
subspaces.<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" \
style="font-size:11.0pt;mso-fareast-language:EN-US">Thanks to everyone who shared \
feedback already. We welcome more input on the revised draft.<o:p></o:p></span></p> \
<p class="MsoNormal"><span lang="EN-US" \
style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" \
style="font-size:11.0pt;mso-fareast-language:EN-US">Paul<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" \
style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p> <div \
id="mail-editor-reference-message-container"> <div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span lang="EN-US" \
style="font-size:12.0pt;color:black">De : </span></b><span lang="EN-US" \
style="font-size:12.0pt;color:black">internet-drafts@ietf.org \
<internet-drafts@ietf.org><br> <b>Date : </b>lundi, 23 octobre 2023 à \
12:33<br> <b>À : </b>Guillaume Solignac (gsoligna) <gsoligna@cisco.com>, \
Hadi Dernaika <hbd05@mail.aub.edu>, Mohsin Shaikh (mohsisha) \
<mohsisha@cisco.com>, Paul Ponchon (pponchon) <pponchon@cisco.com>, \
Pierre Pfister (ppfister) <ppfister@cisco.com><br> <b>Objet : </b>New \
Version Notification for \
draft-ponchon-ipsecme-anti-replay-subspaces-03.txt<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-US" \
style="font-size:11.0pt">A new version of Internet-Draft<br> \
draft-ponchon-ipsecme-anti-replay-subspaces-03.txt has been successfully<br> \
submitted by Paul Ponchon and posted to the<br> IETF repository.<br>
<br>
Name: draft-ponchon-ipsecme-anti-replay-subspaces<br>
Revision: 03<br>
Title: IPsec and IKE anti-replay sequence number subspaces for \
traffic-engineered paths and multi-core processing<br> Date: \
2023-10-23<br> Group: Individual Submission<br>
Pages: 13<br>
URL: </span><a \
href="https://www.ietf.org/archive/id/draft-ponchon-ipsecme-anti-replay-subspaces-03.txt"><span \
lang="EN-US" style="font-size:11.0pt">https://www.ietf.org/archive/id/draft-ponchon-ipsecme-anti-replay-subspaces-03.txt</span></a><span \
lang="EN-US" style="font-size:11.0pt"><br> Status: </span><a \
href="https://datatracker.ietf.org/doc/draft-ponchon-ipsecme-anti-replay-subspaces/"><span \
lang="EN-US" style="font-size:11.0pt">https://datatracker.ietf.org/doc/draft-ponchon-ipsecme-anti-replay-subspaces/</span></a><span \
lang="EN-US" style="font-size:11.0pt"><br>
HTMLized: </span><a href="https://datatracker.ietf.org/doc/html/draft-ponchon-ipsecme-anti-replay-subspaces"><span \
lang="EN-US" style="font-size:11.0pt">https://datatracker.ietf.org/doc/html/draft-ponchon-ipsecme-anti-replay-subspaces</span></a><span \
lang="EN-US" style="font-size:11.0pt"><br> Diff: </span><a \
href="https://author-tools.ietf.org/iddiff?url2=draft-ponchon-ipsecme-anti-replay-subspaces-03"><span \
lang="EN-US" style="font-size:11.0pt">https://author-tools.ietf.org/iddiff?url2=draft-ponchon-ipsecme-anti-replay-subspaces-03</span></a><span \
lang="EN-US" style="font-size:11.0pt"><br> <br>
Abstract:<br>
<br>
This document discusses the challenges of running IPsec with anti-<br>
replay in multi-core environments where packets may be re-ordered<br>
(e.g., when sent over multiple IP paths, traffic-engineered paths<br>
and/or using different QoS classes). A new solution based on<br>
splitting the anti-replay sequence number space into multiple<br>
different sequencing subspaces is proposed. Since this \
solution<br> requires support on both parties, an IKE extension is \
proposed in<br> order to negotiate the use of the anti-replay sequence \
number<br> subspaces.<br>
<br>
<br>
<br>
</span><span style="font-size:11.0pt">The IETF Secretariat<br>
<br>
<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</body>
</html>
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
--===============0386128988036170882==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic