Hmm, it used to be that if you are subscribed to one IETF list, you can post to any of them. That does not seem to work for the ipsec list :/
---------- Forwarded message --------- From: Paul Wouters <paul.wout...@aiven.io> Date: Sun, Jul 11, 2021 at 11:34 PM Subject: Re: [IPsec] I-D Action: draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-05.txt To: Panwei (William) <william.pan...@huawei.com> Cc: ipsec@ietf.org <ipsec@ietf.org> On Mon, 5 Jul 2021, Panwei (William) wrote: Hi Wei Pan, > According to the discussion on the mailing list, I update the draft to version 05. In this version, I deleted the unnecessary considerations for the configuration changes. For now, the solution is very simple and just includes the negotiation at creating IKE SAs and optimization at rekeying IKE and Child SAs. > > Comments and feedbacks are more than welcome. It is lookger much better and simpler, but I still had a few issues and wanted to make the document a bit shorter and clearer. I made some changes for your consideration. I've attached an updated xml and txt file in case you would like to use my changes. The changes are: - Reduced the text that was used to explain a lot of IKEv2 basics. Instead, a reference to IKEv2 should be enough. This greatly simplifies the text. - Remove the parts about "changed configuration". If the crypto parameters have changed, you SHOULD NOT use REKEY. RFC 7296 says this: In Section 2.8, "Note that, when rekeying, the new Child SA MAY have different Traffic Selectors and algorithms than the old one" was changed to "Note that, when rekeying, the new Child SA SHOULD NOT have different Traffic Selectors and algorithms than the old one". So if the configuration has changed, you should not do any kind of REKEY, whether it is OPTIMIZED or not. You should do a re-authentication (in other words, a new IKE from scratch) - IKE REKEY MUST contain KE, because RFC 7296 says: The main reason for rekeying the IKE SA is to ensure that the compromise of old keying material does not provide information about the current keys, or vice versa. Therefore, implementations MUST perform a new Diffie-Hellman exchange when rekeying the IKE SA. In other words, an initiator MUST NOT propose the value "NONE" for the Diffie-Hellman transform, and a responder MUST NOT accept such a proposal. This means that a successful exchange rekeying the IKE SA always includes the KEi/KEr payloads. - Removed: It also helps to avoid IP fragmentation of IKEv2 messages I don't think this is actually true, since on rekey there are no required CERT payloads, which is the vast majority of the payload size in IKE_AUTH that causes fragmentation. - Changed MINIMUM_REKEY{_SUPPORTED} to OPTIMIZED_REKEY{_SUPPORTED} This matches better with the OPTIMIZED_REKEY notify. Also, I find that "minimum" is a little confusing. It could mean "minimum lifetime" or "minimum of the previous one". I find "optimized" covers this better than "minium". - Shortened titles For improved readability of Table of Contents - Some grammar and style Open questions to the working group: 1) Should the SUPPORTED notify mean that peers MAY use this method or MUST use this method? There could be a use for making it MUST, as a peer could then eventually stop supporting the "old method". Initiators would know by the lack of the notify that they might not be able to rekey in the old way, and must add/delete or re-auth the SA. 2) Alternatively, the SUPPORTED notify could have a payload that signifies whether the old method is supported or not. 3) Should we look at supporting rekeying multiple Child SAs at once? Or should we tell people they should have used additional Traffic Selectors and combined the Child SAs into one ? 4) When a Child SA was negotiated with PFS, what should an optimized rekey do when there is no KE payload? Send INVALID_KE_PAYLOAD ? Paul > > Regards & Thanks! > Wei Pan > >> -----Original Message----- >> From: I-D-Announce [mailto:i-d-announce-boun...@ietf.org] On Behalf >> Of internet-dra...@ietf.org >> Sent: Monday, July 5, 2021 12:24 PM >> To: i-d-annou...@ietf.org >> Subject: I-D Action: draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-05.txt >> >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> >> >> Title : IKEv2 Optional SA&TS Payloads in Child >> Exchange >> Authors : Sandeep Kampati >> Wei Pan >> Meduri S S Bharath >> Meiling Chen >> Filename : >> draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-05.txt >> Pages : 9 >> Date : 2021-07-04 >> >> Abstract: >> This document describes a method for reducing the size of the >> Internet Key Exchange version 2 (IKEv2) exchanges at time of rekeying >> IKE SAs and Child SAs by removing or making optional of SA & TS >> payloads. Reducing size of IKEv2 exchanges is desirable for low >> power consumption battery powered devices. It also helps to avoid IP >> fragmentation of IKEv2 messages. >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-kampati-ipsecme-ikev2-sa-ts-payloa >> ds-opt/ >> >> There is also an htmlized version available at: >> https://datatracker.ietf.org/doc/html/draft-kampati-ipsecme-ikev2-sa-ts-p >> ayloads-opt-05 >> >> A diff from the previous version is available at: >> https://www.ietf.org/rfcdiff?url2=draft-kampati-ipsecme-ikev2-sa-ts-paylo >> ads-opt-05 >> >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> >> _______________________________________________ >> I-D-Announce mailing list >> i-d-annou...@ietf.org >> https://www.ietf.org/mailman/listinfo/i-d-announce >> Internet-Draft directories: http://www.ietf.org/shadow.html or >> ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec >
IPSECME Working Group S. Kampati Internet-Draft W. Pan Intended status: Standards Track Huawei Expires: 12 January 2022 M. Bharath Mavenir M. Chen CMCC 11 July 2021 IKEv2 Optional SA&TS Payloads in Child Exchange draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-05 Abstract This document describes a method for reducing the size of the Internet Key Exchange version 2 (IKEv2) CREATE_CHILD_SA exchanges used for rekeying of the IKE or Child SA by replacing the SA and TS payloads with a Notify Message payload. Reducing size and complexity of IKEv2 exchanges is especially useful for low power consumption battery powered devices. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 12 January 2022. Copyright Notice Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights Kampati, et al. Expires 12 January 2022 [Page 1] Internet-Draft IKEv2 Optional Child SA&TS Payloads July 2021 and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Conventions Used in This Document . . . . . . . . . . . . . . 3 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 3. Negotiation of Support for OPTIMIZED REKEY . . . . . . . . . 3 4. Optimized Rekey of the IKE SA . . . . . . . . . . . . . . . . 4 5. Optimized Rekey of Child SAs . . . . . . . . . . . . . . . . 5 6. Payload Formats . . . . . . . . . . . . . . . . . . . . . . . 5 6.1. OPTIMIZED_REKEY_SUPPORTED Notify . . . . . . . . . . . . 5 6.2. OPTIMIZED_REKEY Notify . . . . . . . . . . . . . . . . . 6 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 8. Operational Considerations . . . . . . . . . . . . . . . . . 7 9. Security Considerations . . . . . . . . . . . . . . . . . . . 7 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 11. Normative References . . . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction The Internet Key Exchange protocol version 2 (IKEv2) [RFC7296] is used to negotiate Security Association (SA) parameters for the IKE SA and the Child SAs. Cryptographic key material for these SAs have a limited lifetime before it needs to be refreshes, a process referred to as "rekeying". IKEv2 uses the CREATE_CHILD_SA exchange to rekey either the IKE SA or the Child SAs. When rekeying, a full set of previously negotiated parameters are exchanged. However, most of these parameters will be the same, and some of these parameters MUST be the same. For example, the Traffic Selector (TS) negotiated for the new Child SA MUST cover the Traffic Selectors negotiated for the old Child SA. And in practically all cases, a new Child SA would not need to cover more Traffic Selectors. In the rare case where this would be needed, a new Child SA could be negotiatied instead of the current Child SA being rekeyed. Similarly, IKEv2 states that the cryptographic parameters negotiated for rekeying SHOULD NOT be different. This means that the security properties of the IKE or Child SA in practise do not change during a typical rekey. Kampati, et al. Expires 12 January 2022 [Page 2] Internet-Draft IKEv2 Optional Child SA&TS Payloads July 2021 This document specifies a method to omit these parameters and replace them with a single Notify Message declaring that all these parameters are identical to the originally negotiated parameters. For security gateways/ePDG in 4G networks or cRAN/Cloud gateways in 5G networks, gateways typically support more than 100,000 IKE/IPSEC tunnels. At any point in time, there will be hundreds or thousands of IKE SAs and Child SAs that are being rekeyed. This takes a large amount of bandwidth and CPU power and any protocol simplification or bandwidth reducing would result in an significant resource saving. For Internet of Things (IoT) devices which utilize low power consumption technology, reducing the size of rekey exchange reduces its power consumption, as sending bytes over the air is usually the most power consuming operation of such a device. Reducing the CPU operations required to verify the rekey exchanges parameters will also save power and extend the lifetime for these devices. When using identical parameters during the IKE or Child SA rekey, the SA and TS payloads can be omited. For an IKE SA rekey, instead of the (large) SA payload, only a Key Exchange (KE) payload and a new Notify Type payload with the new SPI is required. For a Child SA payload, instead of the SA or TS payloads, only an optional Nonce payload (when using PFS) and a new Notify Type payload with the new SPI is needed. This makes the rekey exchange packets much smaller and the peers do not need to verify that the SA or TS parameters are compatible with the old SA. 2. Conventions Used in This Document 2.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. Negotiation of Support for OPTIMIZED REKEY To indicate support for the optimized rekey negotiation, the initiator includes the OPTIMIZED_REKEY_SUPPORTED Notify payload in the IKE_AUTH exchange request. A responder that supports the optimized rekey exchange inclues the OPTIMIZED_REKEY_SUPPORTED Notify payload in its response. Note that the notify indiciates support for optimized rekey for both IKE and Child SAs. Kampati, et al. Expires 12 January 2022 [Page 3] Internet-Draft IKEv2 Optional Child SA&TS Payloads July 2021 When a peer wishes to rekey an IKE SA or Child SA, it MAY use the optimized rekey method during the CREATE_CHILD_SA exchange. A responder MUST accept that the initiator uses a regular or optimized reey. The initiator indicates its support for optimizing payloads at rekeying IKE SAs and Child SAs by including a Notify payload of type MINIMAL_REKEY_SUPPORTED in the IKE_AUTH request message. By observing the MINIMAL_REKEY_SUPPORTED notification in the received message, the responder can deduce the initiator's support of this extension. If the responder also supports this extension, it includes the MINIMAL_REKEY_SUPPORTED notification in the corresponding response message. After receiving the response message, the initiator can also know the support of this extension of the responder side. The IKE_AUTH message exchange in this case is shown below: Initiator Responder -------------------------------------------------------------------- HDR, SK {IDi, [CERT,] [CERTREQ,] [IDr,] AUTH, SAi2, TSi, TSr, N(OPTIMIZED_REKEY_SUPPORTED)} --> <-- HDR, SK {IDr, [CERT,] AUTH, SAr2, TSi, TSr, N(OPTIMIZED_REKEY_SUPPORTED)} If the responder does not support this extension, as per regular IKEv2 processing, it MUST ignore the unknown Notify payload. The initiator will notice the lack of the OPTIMIZED_REKEY_SUPPORTED Notify in the reply and thus know it cannot use the optimized rekey method. The IKE_AUTH message exchange in this case is shown below: 4. Optimized Rekey of the IKE SA The initiator of an optimized rekey request sends a CREATE_CHILD_SA payload with the OPTIMIZED_REKEY notify payload containing the new Security Parameter Index (SPI) for the new IKE SA. It omits the SA payload. The responder of an optimized rekey request performs the same process. It includes the OPTIMIZED_REKEY notify with its new IKE SPI and omits the SA payload. Both parties send Nonce and KE payloads just as they would do for a regular IKE SA rekey. Kampati, et al. Expires 12 January 2022 [Page 4] Internet-Draft IKEv2 Optional Child SA&TS Payloads July 2021 The CREATE_CHILD_SA message exchange in this case is shown below: Initiator Responder -------------------------------------------------------------------- HDR, SK {N(OPTIMIZED_REKEY), Ni, KEi} --> <-- HDR, SK {N(OPTIMIZED_REKEY), Nr, KEr} 5. Optimized Rekey of Child SAs The initiator of an optimized rekey request sends a CREATE_CHILD_SA payload with the OPTIMIZED_REKEY notify payload containing the new Security Parameter Index (SPI) for the new Child SA. It omits the SA payload. If the current Child SA was negotiated with Perfect Forward Secrecy (PFS), a KEi payload MUST be included as well. If no PFS was negotiated for the current Child SA, a KEi payload MUST NOT be included. The responder of an optimized rekey request performs the same process. It includes the OPTIMIZED_REKEY notify with its new IKE SPI and omits the SA and TS payloads. Depending on the PFS negotiation of the current Child SA, the responder includes a KEr payload. Both parties send Nonce payloads just as they would do for a regular Child SA rekey. Using the received old SPI from the REKEY_SA payload and the new SPI received from the OPTIMIZED_REKEY payload, both parties can perform the Child SA rekey operation. The CREATE_CHILD_SA message exchange in this case is shown below: Initiator Responder -------------------------------------------------------------------- HDR, SK {N(REKEY_SA), N(OPTIMIZED_REKEY), Ni, [KEi,]} --> <-- HDR, SK {N(OPTIMIZED_REKEY), Nr, [KEr,]} 6. Payload Formats 6.1. OPTIMIZED_REKEY_SUPPORTED Notify The OPTIMIZED_REKEY_SUPPORTED Notify Message type notification is used by the initiator and responder to indicate their support for the optimized rekey negotation. Kampati, et al. Expires 12 January 2022 [Page 5] Internet-Draft IKEv2 Optional Child SA&TS Payloads July 2021 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Protocol ID(=0)| SPI Size (=0) | Notify Message Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * Protocol ID (1 octet) - MUST be 0. * SPI Size (1 octet) - MUST be 0, meaning no SPI is present. * Notify Message Type (2 octets) - MUST be the value [TBD1]. This Notify Message type contains no data. 6.2. OPTIMIZED_REKEY Notify The OPTIMIZED_REKEY Notify Message type is used to perform an optimized IKE SA or Child SA rekey. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Protocol ID | SPI Size (=8) | Notify Message Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Security Parameter Index (SPI) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * Protocol ID (1 octet) - MUST be 1. * SPI Size (1 octet) - MUST be 8 when rekeying an IKE SAs. MUST be 4 when rekeying a Child SA. * Notify Message Type (2 octets) - MUST be set to the value [TBD2]. * SPI (4 octets or 8 octets) - Security Parameter Index. The peer's new SPI. 7. IANA Considerations This document defines two new Notify Message Types in the "IKEv2 Notify Message Types - Status Types" registry. IANA is requested to assign codepoints in this registry. Kampati, et al. Expires 12 January 2022 [Page 6] Internet-Draft IKEv2 Optional Child SA&TS Payloads July 2021 NOTIFY messages: status types Value ---------------------------------------------------------- OPTIMIZED_REKEY_SUPPORTED TBD1 OPTIMIZED_REKEY TBD2 8. Operational Considerations Some implementations allow sending rekey messages with a different set of Traffic Selectors or cryptographic parameters in response to a configuration update. IKEv2 states this SHOULD NOT be done. Whether or not optimized rekeying is used, a configuration change that changes the Traffic Selectors or cryptographic parameters MUST NOT use the optimized rekey method. It SHOULD also not use a regular rekey method but instead start an entire new IKE and Child SA negotiation with the new parameters. 9. Security Considerations The optimized rekey removes sending unneccessary new parameters that originally would have to be validated against the original parameters. In that sense, this optimalization enhances the security of the rekey process. 10. Acknowledgments Special thanks go to Paul Wouters, Valery Smyslov, and Antony Antony. 11. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T. Kivinen, "Internet Key Exchange Protocol Version 2 (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October 2014, <https://www.rfc-editor.org/info/rfc7296>. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. Authors' Addresses Sandeep Kampati Huawei Technologies Divyashree Techno Park, Whitefield Kampati, et al. Expires 12 January 2022 [Page 7] Internet-Draft IKEv2 Optional Child SA&TS Payloads July 2021 Bangalore 560066 Karnataka India Email: sandeepkamp...@huawei.com Wei Pan Huawei Technologies 101 Software Avenue, Yuhuatai District Nanjing Jiangsu, China Email: william.pan...@huawei.com Meduri S S Bharath Mavenir Systems Pvt Ltd Manyata Tech Park Bangalore Karnataka India Email: bharath.med...@mavenir.com Meiling Chen China Mobile 32 Xuanwumen West Street, West District Beijing Beijing, 100053 China Email: chenmeil...@chinamobile.com Kampati, et al. Expires 12 January 2022 [Page 8]
<?xml version="1.0" encoding="UTF-8"?> <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.3.24 --> <!DOCTYPE rfc SYSTEM "rfc2629.dtd" [ ]> <?rfc toc="yes"?> <?rfc sortrefs="yes"?> <?rfc symrefs="yes"?> <rfc ipr="trust200902" consensus="true" docName="draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-05" category="std"> <front> <title abbrev="IKEv2 Optional Child SA&TS Payloads">IKEv2 Optional SA&TS Payloads in Child Exchange</title> <author initials="S." surname="Kampati" fullname="Sandeep Kampati"> <organization abbrev="Huawei">Huawei Technologies</organization> <address> <postal> <street>Divyashree Techno Park, Whitefield</street> <city>Bangalore</city> <region>Karnataka</region> <code>560066</code> <country>India</country> </postal> <email>sandeepkamp...@huawei.com</email> </address> </author> <author initials="W." surname="Pan" fullname="Wei Pan"> <organization abbrev="Huawei">Huawei Technologies</organization> <address> <postal> <street>101 Software Avenue, Yuhuatai District</street> <city>Nanjing</city> <region>Jiangsu</region> <code></code> <country>China</country> </postal> <email>william.pan...@huawei.com</email> </address> </author> <author initials="M." surname="Bharath" fullname="Meduri S S Bharath"> <organization abbrev="Mavenir">Mavenir Systems Pvt Ltd</organization> <address> <postal> <street>Manyata Tech Park</street> <city>Bangalore</city> <region>Karnataka</region> <code></code> <country>India</country> </postal> <email>bharath.med...@mavenir.com</email> </address> </author> <author initials="M." surname="Chen" fullname="Meiling Chen"> <organization abbrev="CMCC">China Mobile</organization> <address> <postal> <street>32 Xuanwumen West Street, West District</street> <city>Beijing</city> <region>Beijing</region> <code>100053</code> <country>China</country> </postal> <email>chenmeil...@chinamobile.com</email> </address> </author> <date year="2021"/> <area>Security</area> <workgroup>IPSECME Working Group</workgroup> <keyword>Internet-Draft</keyword> <abstract> <t>This document describes a method for reducing the size of the Internet Key Exchange version 2 (IKEv2) CREATE_CHILD_SA exchanges used for rekeying of the IKE or Child SA by replacing the SA and TS payloads with a Notify Message payload. Reducing size and complexity of IKEv2 exchanges is especially useful for low power consumption battery powered devices.</t> </abstract> </front> <middle> <section anchor="introduction" title="Introduction"> <t>The Internet Key Exchange protocol version 2 (IKEv2) <xref target="RFC7296"></xref> is used to negotiate Security Association (SA) parameters for the IKE SA and the Child SAs. Cryptographic key material for these SAs have a limited lifetime before it needs to be refreshes, a process referred to as "rekeying". IKEv2 uses the CREATE_CHILD_SA exchange to rekey either the IKE SA or the Child SAs.</t> <t>When rekeying, a full set of previously negotiated parameters are exchanged. However, most of these parameters will be the same, and some of these parameters MUST be the same.</t> <t>For example, the Traffic Selector (TS) negotiated for the new Child SA MUST cover the Traffic Selectors negotiated for the old Child SA. And in practically all cases, a new Child SA would not need to cover more Traffic Selectors. In the rare case where this would be needed, a new Child SA could be negotiatied instead of the current Child SA being rekeyed. Similarly, IKEv2 states that the cryptographic parameters negotiated for rekeying SHOULD NOT be different. This means that the security properties of the IKE or Child SA in practise do not change during a typical rekey.</t> <t>This document specifies a method to omit these parameters and replace them with a single Notify Message declaring that all these parameters are identical to the originally negotiated parameters.</t> <t>For security gateways/ePDG in 4G networks or cRAN/Cloud gateways in 5G networks, gateways typically support more than 100,000 IKE/IPSEC tunnels. At any point in time, there will be hundreds or thousands of IKE SAs and Child SAs that are being rekeyed. This takes a large amount of bandwidth and CPU power and any protocol simplification or bandwidth reducing would result in an significant resource saving.</t> <t>For Internet of Things (IoT) devices which utilize low power consumption technology, reducing the size of rekey exchange reduces its power consumption, as sending bytes over the air is usually the most power consuming operation of such a device. Reducing the CPU operations required to verify the rekey exchanges parameters will also save power and extend the lifetime for these devices.</t> <t>When using identical parameters during the IKE or Child SA rekey, the SA and TS payloads can be omited. For an IKE SA rekey, instead of the (large) SA payload, only a Key Exchange (KE) payload and a new Notify Type payload with the new SPI is required. For a Child SA payload, instead of the SA or TS payloads, only an optional Nonce payload (when using PFS) and a new Notify Type payload with the new SPI is needed. This makes the rekey exchange packets much smaller and the peers do not need to verify that the SA or TS parameters are compatible with the old SA.</t> </section> <section anchor="conventions-used-in-this-document" title="Conventions Used in This Document"> <section anchor="requirements-language" title="Requirements Language"> <t>The key words âMUSTâ, âMUST NOTâ, âREQUIREDâ, âSHALLâ, âSHALL NOTâ, âSHOULDâ, âSHOULD NOTâ, âRECOMMENDEDâ, âNOT RECOMMENDEDâ, âMAYâ, and âOPTIONALâ in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t> </section> </section> <section anchor="negotiation" title="Negotiation of Support for OPTIMIZED REKEY"> <t>To indicate support for the optimized rekey negotiation, the initiator includes the OPTIMIZED_REKEY_SUPPORTED Notify payload in the IKE_AUTH exchange request. A responder that supports the optimized rekey exchange inclues the OPTIMIZED_REKEY_SUPPORTED Notify payload in its response. Note that the notify indiciates support for optimized rekey for both IKE and Child SAs.</t> <t>When a peer wishes to rekey an IKE SA or Child SA, it MAY use the optimized rekey method during the CREATE_CHILD_SA exchange. A responder MUST accept that the initiator uses a regular or optimized reey.</t> <t>The initiator indicates its support for optimizing payloads at rekeying IKE SAs and Child SAs by including a Notify payload of type MINIMAL_REKEY_SUPPORTED in the IKE_AUTH request message. By observing the MINIMAL_REKEY_SUPPORTED notification in the received message, the responder can deduce the initiatorâs support of this extension. If the responder also supports this extension, it includes the MINIMAL_REKEY_SUPPORTED notification in the corresponding response message. After receiving the response message, the initiator can also know the support of this extension of the responder side.</t> <t>The IKE_AUTH message exchange in this case is shown below:</t> <figure><artwork><![CDATA[ Initiator Responder -------------------------------------------------------------------- HDR, SK {IDi, [CERT,] [CERTREQ,] [IDr,] AUTH, SAi2, TSi, TSr, N(OPTIMIZED_REKEY_SUPPORTED)} --> <-- HDR, SK {IDr, [CERT,] AUTH, SAr2, TSi, TSr, N(OPTIMIZED_REKEY_SUPPORTED)} ]]></artwork></figure> <t>If the responder does not support this extension, as per regular IKEv2 processing, it MUST ignore the unknown Notify payload. The initiator will notice the lack of the OPTIMIZED_REKEY_SUPPORTED Notify in the reply and thus know it cannot use the optimized rekey method.</t> <t>The IKE_AUTH message exchange in this case is shown below:</t> </section> <section anchor="payload-optimization-ike" title="Optimized Rekey of the IKE SA"> <t>The initiator of an optimized rekey request sends a CREATE_CHILD_SA payload with the OPTIMIZED_REKEY notify payload containing the new Security Parameter Index (SPI) for the new IKE SA. It omits the SA payload.</t> <t>The responder of an optimized rekey request performs the same process. It includes the OPTIMIZED_REKEY notify with its new IKE SPI and omits the SA payload.</t> <t>Both parties send Nonce and KE payloads just as they would do for a regular IKE SA rekey.</t> <t>The CREATE_CHILD_SA message exchange in this case is shown below:</t> <figure><artwork><![CDATA[ Initiator Responder -------------------------------------------------------------------- HDR, SK {N(OPTIMIZED_REKEY), Ni, KEi} --> <-- HDR, SK {N(OPTIMIZED_REKEY), Nr, KEr} ]]></artwork></figure> </section> <section anchor="payload-optimization-child" title="Optimized Rekey of Child SAs"> <t>The initiator of an optimized rekey request sends a CREATE_CHILD_SA payload with the OPTIMIZED_REKEY notify payload containing the new Security Parameter Index (SPI) for the new Child SA. It omits the SA payload. If the current Child SA was negotiated with Perfect Forward Secrecy (PFS), a KEi payload MUST be included as well. If no PFS was negotiated for the current Child SA, a KEi payload MUST NOT be included.</t> <t>The responder of an optimized rekey request performs the same process. It includes the OPTIMIZED_REKEY notify with its new IKE SPI and omits the SA and TS payloads. Depending on the PFS negotiation of the current Child SA, the responder includes a KEr payload.</t> <t>Both parties send Nonce payloads just as they would do for a regular Child SA rekey.</t> <t>Using the received old SPI from the REKEY_SA payload and the new SPI received from the OPTIMIZED_REKEY payload, both parties can perform the Child SA rekey operation.</t> <t>The CREATE_CHILD_SA message exchange in this case is shown below:</t> <figure><artwork><![CDATA[ Initiator Responder -------------------------------------------------------------------- HDR, SK {N(REKEY_SA), N(OPTIMIZED_REKEY), Ni, [KEi,]} --> <-- HDR, SK {N(OPTIMIZED_REKEY), Nr, [KEr,]} ]]></artwork></figure> </section> <section anchor="payload-formats" title="Payload Formats"> <section anchor="supported-notify" title="OPTIMIZED_REKEY_SUPPORTED Notify"> <t>The OPTIMIZED_REKEY_SUPPORTED Notify Message type notification is used by the initiator and responder to indicate their support for the optimized rekey negotation.</t> <figure><artwork><![CDATA[ 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Protocol ID(=0)| SPI Size (=0) | Notify Message Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ]]></artwork></figure> <t><list style="symbols"> <t>Protocol ID (1 octet) - MUST be 0.</t> <t>SPI Size (1 octet) - MUST be 0, meaning no SPI is present.</t> <t>Notify Message Type (2 octets) - MUST be the value [TBD1].</t> </list></t> <t>This Notify Message type contains no data.</t> </section> <section anchor="optimized-rekey" title="OPTIMIZED_REKEY Notify"> <t>The OPTIMIZED_REKEY Notify Message type is used to perform an optimized IKE SA or Child SA rekey.</t> <figure><artwork><![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Protocol ID | SPI Size (=8) | Notify Message Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Security Parameter Index (SPI) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ]]></artwork></figure> <t><list style="symbols"> <t>Protocol ID (1 octet) - MUST be 1.</t> <t>SPI Size (1 octet) - MUST be 8 when rekeying an IKE SAs. MUST be 4 when rekeying a Child SA.</t> <t>Notify Message Type (2 octets) - MUST be set to the value [TBD2].</t> <t>SPI (4 octets or 8 octets) - Security Parameter Index. The peer's new SPI.</t> </list></t> </section> </section> <section anchor="iana-considerations" title="IANA Considerations"> <t>This document defines two new Notify Message Types in the âIKEv2 Notify Message Types - Status Typesâ registry. IANA is requested to assign codepoints in this registry.</t> <figure><artwork><![CDATA[ NOTIFY messages: status types Value ---------------------------------------------------------- OPTIMIZED_REKEY_SUPPORTED TBD1 OPTIMIZED_REKEY TBD2 ]]></artwork></figure> </section> <section anchor="operational-considerations" title="Operational Considerations"> <t>Some implementations allow sending rekey messages with a different set of Traffic Selectors or cryptographic parameters in response to a configuration update. IKEv2 states this SHOULD NOT be done. Whether or not optimized rekeying is used, a configuration change that changes the Traffic Selectors or cryptographic parameters MUST NOT use the optimized rekey method. It SHOULD also not use a regular rekey method but instead start an entire new IKE and Child SA negotiation with the new parameters.</t> </section> <section anchor="security-considerations" title="Security Considerations"> <t>The optimized rekey removes sending unneccessary new parameters that originally would have to be validated against the original parameters. In that sense, this optimalization enhances the security of the rekey process.</t> </section> <section anchor="acknowledgments" title="Acknowledgments"> <t>Special thanks go to Paul Wouters, Valery Smyslov, and Antony Antony.</t> </section> </middle> <back> <references title='Normative References'> <reference anchor="RFC2119" target='https://www.rfc-editor.org/info/rfc2119'> <front> <title>Key words for use in RFCs to Indicate Requirement Levels</title> <author initials='S.' surname='Bradner' fullname='S. Bradner'><organization /></author> <date year='1997' month='March' /> <abstract><t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t></abstract> </front> <seriesInfo name='BCP' value='14'/> <seriesInfo name='RFC' value='2119'/> <seriesInfo name='DOI' value='10.17487/RFC2119'/> </reference> <reference anchor="RFC8174" target='https://www.rfc-editor.org/info/rfc8174'> <front> <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title> <author initials='B.' surname='Leiba' fullname='B. Leiba'><organization /></author> <date year='2017' month='May' /> <abstract><t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t></abstract> </front> <seriesInfo name='BCP' value='14'/> <seriesInfo name='RFC' value='8174'/> <seriesInfo name='DOI' value='10.17487/RFC8174'/> </reference> <reference anchor="RFC7296" target='https://www.rfc-editor.org/info/rfc7296'> <front> <title>Internet Key Exchange Protocol Version 2 (IKEv2)</title> <author initials='C.' surname='Kaufman' fullname='C. Kaufman'><organization /></author> <author initials='P.' surname='Hoffman' fullname='P. Hoffman'><organization /></author> <author initials='Y.' surname='Nir' fullname='Y. Nir'><organization /></author> <author initials='P.' surname='Eronen' fullname='P. Eronen'><organization /></author> <author initials='T.' surname='Kivinen' fullname='T. Kivinen'><organization /></author> <date year='2014' month='October' /> <abstract><t>This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs). This document obsoletes RFC 5996, and includes all of the errata for it. It advances IKEv2 to be an Internet Standard.</t></abstract> </front> <seriesInfo name='STD' value='79'/> <seriesInfo name='RFC' value='7296'/> <seriesInfo name='DOI' value='10.17487/RFC7296'/> </reference> </references> </back> <!-- ##markdown-source: H4sIAC2I4mAAA+1b7W4bSXb9T4DvUPEAO9KG5Ega2+MRNouhJXnMtSUrorzO ZHZgFNlFsqJmN7ermhyu7UVeI6+XJ8m5t6q6m82mJHsMIwmWBiyyWR/389xT H+x2u+2W1TZWx2Lw4mx5JF4trE4TGYth/3fXQ3Ep13EqIyN0Ik5mOo7E2a/j mUymqt2So1GmllsdXbPN7u1WlI4TOcc0USYntnsj5wtpdVcvjBrPVVffqOVR 18iuNd2F79RNF7Z78KjdGkurpmm2PhbGRu1Wu6UX2bGwWW7s0cHB9wdHkCVT 8lgM1TjPtF23W6s0u5lmab6AeJfDs5PzM/EGj3QyFT/S43brRq3RKML3iVVZ omz3lCSj4Y2VSfRWxmmieBroutDH7ZYQNh0fi7Uy9N6kmc3UxJQP1vPKZ8iU 21maoV8X1sPjYU+8cGpTa2eNIWZSalH9Is2mx+J5LldKi2s1niVpnE61myKY 3H1NT9Rc6hiGceN4s/4w4+9743TOgkFOZY/FqV6upZnhgx8Y/sluOuLNTFs1 0SqOqPU4jSDY148eHxw8fvw1P4FJj8VTeB02yRQ9ytQU3j6G3FkirbyRrmee WHLTIIm0LPR+08M8SanzGyjmH3ySrisdx1rOewuZ4Isduh4eHIphOrErRIbo L1WSq474KUdjKzUsgXZ6bEt9HzwoNb2QyX8gUqp6/klDe5NvaIlAT0otz3vi 6Uxm0s5KTc9VhHgUQ/yrfMdKn0vIpDMxXBur5kZcLq14aaOq4r5JRfORG6Q3 53F/mLsGddXPZbKGlmxQ9nCzlp/sT2h6MlNJVU0dU2aFp6wgW0ecpyMdq6pW J+cnJxWVxugzd/1/GFOXOfeo6/Ttkfi3HP7O5ypBABkrhvxNx31o8OfhwcHB o2+r+ipd92rl0UnNq+1WkmZz5NJSceZfPTs5Ojz8Prx/cvjdw/D+u6PvHx8z LCWTSh/3r9vtQnVIJ8eMLdczbQTAkBSxIlJmnOmRMkKKuQJcRAJDQL4oH5NF 7UwJo/+mRDqh9+1WACvxQq0LKBZLlRkoJI7EHoPxvlD+KwxshdVzHiFTAD3W F62A0PgyiQq8NmK0RpN5uqSZIcVcMl6mAdgxwrAvfieuh8BDj9E9cRVkDXK6 clAKQPoqozM5ihVrF6crDJCuVAZfJSaf8wRiJC10Wwv+RkXotNRjhRkGVsjY pGKm4oUBBAu5THUEXG+3JpmckiElj1BMPlfGSMzdCx6Y6yiiMGy3viK8z1LI TF2cR5RoNusiSwH4adxgX7NQYw3IjJAS7dbPPgp+IWVzw0/Zd4PLoiah6yXe 7wuZjQlvxzbPnD3YsYs8W6QG5iIrhy59Y9KxdsrtDfv7YoH8R5xAHJGgJFr/ Hdzoyg1MoalaRgKeLnzQE6RjoU1O07w+vRTSsJCIzcQsUM1gT4ijrSkM2BGr mQaKsG+XMgM0i0mWzkWMBugsYfREiVmeROSy0doSdsNFRsFmiJkbHaf8lF3R H49RcjmwU1EYrePCXI0zOAByexMiGmHsb9hqHJ5mluZUokbKNUiTeM0GlCLW c01aAz2QxpwtFPMU3piJNIe9y3YwVtEwAtz1UAKV81isJyrkC7RDwKtfFzoj x2TkXTlKc2RU2m655074hSKXjNGBc4yfoSvmBkiBToxibWaYP1Er/xwYC69z 31iOQ4KLNCa9FFvrGWY0IRSm8OpKrs036vL0Rwqvhz9iNEs8x6Xx+Kp/8c1J nOYcfI9+BID5r1nENZdNYfIFeVrMgfvOf8DJDqAy2PrsRNg8SVSMxBtCS44u ZBy8OYWyZG5y7ZokS8m8MyQroGItRkUcsK0AZjmxEoroXYADAeAV9A/IRJEK I5NxDEZDDhaOgt/ReaUjO+sgD8Y3CJbN9KexWS/4G8BhKM7guDTPGEZgTja4 UQFa2DCG2wOb5s6BUMOk8dIFoPZY4bEY1DCNc54sILdP9Qqo9wqYp3Ah4EK0 TvKYGhY4A3ejCSgFYCG93g8SuXRrtzBHrP9Gs8aMk9toaQNbWjdrtlFCYpVM 7czj4zfB/oXVi3Qnqp2ASy4VdysMXp25J/rWJSyQiNOsA8hg05GyMFHojhK+ gCIY3ztEcYlh6PD1g52vk3GcRypiw52nxhbWiNLkv//zvyz6qwn0R9p4ZB5n 64VNp5lcwF4IaiQ1AZP6aw4HxGuM9HRNUeQMQH6IlhJxMlUhNSlYsEAJdSy4 fi4jVVQ8wIRTtV5ARWM4o1LBeDnDpc05JjuUQEApn/mXA4BonCuKjEQp6Mw6 Ye1inWDUyo29MTT0GaZ+kAug/mRdGNDhM/wDWpsYPwiPXM7mdINniHKglVXo 6AFn2xTsBmgylqZR6U7oV7cdmW2OQoGUmHA8Zk7RwmsYrMlxbLf6bO1WYdfO HT6rzisq0yKab52Xx+ufvCTrTfQ0z9hlPccSTtJkSdUUgS9e+4rOSX3q05yb fQX689ccZYCeGPES0+VyqgKtoFJAi0wjHpy/Hl4/6Li/4uIVv786+9fXg6uz U3o/fN5/+bJ441q0W/j06vVL34DelV1PXp2fn12cut54KmqPzvs/4Q+p+ODV 5fXg1UX/5YMtrOL8QwiOKAsBTUg0LqNmE9+enoBrHT4U7979k+fBHz74D0SE 8WGF+ulm43h3H7nsyMVCyYxGkXFMALPQFkDRoUlQ0VeJII95q18GjnKqEM+x KaAU1YZhD0iy1JCtZDORa+lq4EYaBC5ObDWzLq6fqglViNwUyEA55SPIpawn bsQ69HwRq7LArGYEb66CGgK9mWQ+epOkK1fLAhdwuF9pCoahqSJaX0Z8GSba m1oCjMiXo0o0b8Gz4AQGhIIhQCmaxxfePMlQjqcJdAgsm8eibGCBUFiJBymK aaf3BFbLafHHfG5GbkowmRNiojPAMIBiQakEFQPbdDBViD/hsQByFQNCHrtS nk6BgThyxBwUlueAw0NPoMeVhCdAJRjAErMRaIuHFcTtT6zyDLpCiJ0SOtH0 GbYgoAh25a/qpi0whRZxziUsCUOTsyLncQemHweoLvk37BBMMqFa7Ofi0hfA CtFxe/kgS1PJjJGCSH0WorlhMQ4Z00/s+EowOcdTz4EQKNACTE1lnp9iIYrK 7gi0N8ZY6WVDwPU8xl1sqjosVeVdP6/pZUXTq9s1ffdVxXofAlqW/tJJxMsY w4uRimlFg2W5St9hWqZyxDLYavUaSuTSrhdKnA8uBuf9l2+vzl6c/fR2+Pry 8tXV9dlpsZp7cfa2//r6uWCigQQJdhJP13D6yKhsGSjXrqESmpqUI2PqTQe0 W37Ajn9cdVxEhE5tBjbIkdlORvWrVYlhqjaY1EbaxCUGgqI58TiKf2Zj5mO1 ALSnmZ/IM2+8RVEvjORy1SkbzBRa1VTfTF0W2oPsFviU8js/bqhLedArFvnB fSHpw/q4KItMQnSoSyMF8s0bOX/HizhREGrX6ypMzLsOv/nVbj0/veqI4Qvx bnCqO+Lnk7Or684v7i/IQ+cX2oES4ufBaYbHpBta9/VRBzRJ039Zx7W42Nvh yf0Potv9o2u0+/WHbldURMlKUXjOu7qH17CfbYt29+sW4YNr4Jx6pEepMm71 EAJmO9oFszE9TdxqGFF4r4APZXgzUglxaLx2i9iYF0SoLEt55bLR2NEBosY7 JqTtxyag2MyppmQpcELaejbcZRKudkUidALmucrcXIKMZw5hLyk3uYzFStJ2 Q4XvVPkBccuJTnavnP+Rqf/LMrWSZmADvs6H0u/3XrZrfnBmUWVr7bdKdlga ibDBlye0V+CpkNtim9HmQqAHvPuks1sqApKUqb7LhCpl87vtG8ucd++qtOSD 27LcsQOATHNyd3ixU0vEiPZo5why07wQTpjYNC5KIS6nLzr4nYCVpI0Z3iSI aGctlsZbT0UligGU2B7CxQ2t+c4H/16DrmLjvmEbYFE56t3gyHW2w7sDLOBt U7ldoeqCbJO2YN0FYAnbm5dhY5vOmtSvYm94Odh3UUC0j7UPnKHcJHEeaqAV m1Pt0oQxygHUbZow9MF5FRvVCRqRE3a1XwOWkbCStDEA/G9ef/gBeXWUcCSB gdlK/BTrShdDTIXKQNINgUSrS4qkuoybUVKxiStUwSauVBEPLFTwVrrV3aI5 sKh2lDtL4pMCp90qlAiRw5tb94uO6pFDYxTyWLIwS8NMnbpFtlrXtv594m6s 7ovidnJ11r8+e3vyfPDy9C1a/R+scRd7NQfuh+qFgvHiTH98qdo54t2vi4zm rBapzcUkhTydr94neju8OAQAl0BJvpbiVE8mWnWfqziew9V+F9cBJRQu87jv gK2cnqJLu1VarMuTQXrMVy4CAtfEqxHAMD4rVxJADwiTNI796ijN9FTTae2l yiZ06PUszVbSZcCQjtjGa7F3+Wy4324VeW3AgCUfR5KyKmE4YeCLpxjPzub+ SA4kj4tPdX9gc4shU6SlEXthh82fE5z7IB+cukMxbr/voEXeAb9134jbXNNu 1XyT1XxTEXbbNY4n3OWbRvHKY59bWzMKj8pDD94YrWMCreE9GBSlypOMgkps Vmx/glKcY97PpDRU6Fvf1q+sZUa1M5r7kMBiqXBvGlguLupEsN1yTFD8FiKI QUxZIz4jESwE/xQm2FTAbz2eQHUvCWJxkgeKKO7NEO8bGzsOisrLH3cyxV31 fhPc7sEUxTZRpAp4H6ZYOUP7slyxdlpVo2PtFnNG8emUkdPKcUbx0ZSRFhT3 DbmdRDLsL9zKJMU2kfxsAfjFCOVmENUpJV3aQH+zAepl3agitQxW83Pu6lNq shE/H0NCC3D4f09Dh/39jriVk/4Mjtb55YvTUkybYdoqM/0kftBu1b11L35Q Q6Bibz8Su+41VE7WihtR9yKmjUyifl5fqeulLOHk14/zjE9tjacZu7ZjLzb2 NFxA3++sorxctrV7W4EFymx3m9MzCznSMZUfGKv5cM9l9f0uigTc8AejAyvo 2MbdHfXH747Rm0qiNQbZYcOzo4Zn36L/AVofiW/FQ/FIPBbfiSfi+4951m79 c/c3/mu33osLcLLC2eL9yXsAxNnw7OrP8BQ+FxKHJi/d1SX/ev95pCiuGQxO 9/7lYP89o/+QKi19DFL4U8KwdLmmE8LPKEXAhN+Lijhi71CkY6vsvugWWHDQ o1aljE1NOkACSQf4nPtuYbNAPLtt9d83KrN35AYy1ZH+8ocL5e4lTZX1C12+ IjDoX/T/8keX3O6xNLRy9DXzvseF5TppIzGL+gzx+UpmuF9TA8umzL8VUEPG 87LT3bWsb3jemb1b4LrjYlHYemOStVGoC2TphEupO4UhIKqi5p1YvUu8duuj Lj7dIjRt+RJIibsw6uAfCPXZEYpHrSLUky+FUKWu/nXHdn399b5hiI98fWmo Pbwbap+4fHMbYve4H4ouD+/RpaReXwyub8PNwg57D/2stLHwpCLBrmBwvzao 779ubIi6JpVrGtxkY2PO00LSgu5i0trFwVR5J7DyK5qJW/eu0uoV2arxir2K B/wDjnarsQ2UstLmxn18wL8TMjZb95wc2oRdAbZ4u+Usyr84WqSaVu1h0VT0 LMERxHfw7Kdi55Z+zMhzWZ668vozeeu3LJZ2X2PYel0/Pd1eje98ceviKLiM gG0HvXHxHtbQjZt/u64BhP0Gnxju1noDi5aVi5x+m7nxejFfDgm/RvLUe6Py uaFo24UWL3yDWxb3qtweH4XV5uDF3nhN3FWafG3p1mvMSwysnf3UvfrBBP/Q q0gB/nELxURm/XzhFCkrl/L046cwspOpGJsc0h/TplKsIv5VBDtiSPcsZUx7 QsmNEdOUxriUeSzepDn9kKhD8UY/6BjO1yZOl46g9BObJmv/p/gZ1UiOb+j9 /wBYIJ0GNzwAAA== --> </rfc>
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec