Hi, I finally got to watching your presentation on the IETF YouTube channel. The illustration at https://youtu.be/IrNsFAPhx-Q?t=3410 is, I guess, also at https://www.ietf.org/proceedings/108/slides/slides-108-ipsecme-proposed-improvements-to-esp-01, slide 3.

It is unfortunate that the YouTube video does not capture the jabber discussion at all, and I have to go find that log.

As Bill Simpson pointed out, you don't need a new ESP protocol number because the layout of the ESP packet is already essentially driven by the SPI#. The business of using this window, sender and sequence number as the IV might be AES-AEAD specific. I'm sure that it can apply to a number of other ciphers, but perhaps not to classic 3DES+MD5^WAES-128+SHA256.

I think that a way to negotiate this is as if it were a unique cipher,
i.e.: https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5, which is Expert Review. I agree with Tero that this is outside of the charter. I suggest that you ask for an allocation, write some code, document it in an individual ID, and report to the WG on how well this works for you, and on whether the hardware people are happy with the results.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec