Hi, We’ve submitted an updated revision of draft-ponchon-ipsecme-anti-replay-subspaces. We’ve modified the IKE transform for the negotiation of the requested and supported number of subspaces. Thanks to everyone who shared feedback already. We welcome more input on the revised draft.
Paul De : [email protected] <[email protected]> Date : lundi, 23 octobre 2023 à 12:33 À : Guillaume Solignac (gsoligna) <[email protected]>, Hadi Dernaika <[email protected]>, Mohsin Shaikh (mohsisha) <[email protected]>, Paul Ponchon (pponchon) <[email protected]>, Pierre Pfister (ppfister) <[email protected]> Objet : New Version Notification for draft-ponchon-ipsecme-anti-replay-subspaces-03.txt A new version of Internet-Draft draft-ponchon-ipsecme-anti-replay-subspaces-03.txt has been successfully submitted by Paul Ponchon and posted to the IETF repository. Name: draft-ponchon-ipsecme-anti-replay-subspaces Revision: 03 Title: IPsec and IKE anti-replay sequence number subspaces for traffic-engineered paths and multi-core processing Date: 2023-10-23 Group: Individual Submission Pages: 13 URL: https://www.ietf.org/archive/id/draft-ponchon-ipsecme-anti-replay-subspaces-03.txt Status: https://datatracker.ietf.org/doc/draft-ponchon-ipsecme-anti-replay-subspaces/ HTMLized: https://datatracker.ietf.org/doc/html/draft-ponchon-ipsecme-anti-replay-subspaces Diff: https://author-tools.ietf.org/iddiff?url2=draft-ponchon-ipsecme-anti-replay-subspaces-03 Abstract: This document discusses the challenges of running IPsec with anti- replay in multi-core environments where packets may be re-ordered (e.g., when sent over multiple IP paths, traffic-engineered paths and/or using different QoS classes). A new solution based on splitting the anti-replay sequence number space into multiple different sequencing subspaces is proposed. Since this solution requires support on both parties, an IKE extension is proposed in order to negotiate the use of the anti-replay sequence number subspaces. The IETF Secretariat
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
