Re: [IPsec] AD review of draft-ietf-ipsecme-ikev2-multiple-ke-06

2022-10-21 Thread CJ Tjhai
Hi Roman, We have updated our draft to incorporate Russ' feedback and also changes from IANA review. It also includes the following changes following your suggestions. The updated draft is available here https://github.com/post-quantum/ietf-pq-ikev2/blob/master/draft-ietf-ipsecme-ikev2-multiple-k

Re: [IPsec] Discussion of draft-pwouters-ipsecme-multi-sa-performance

2022-10-21 Thread Steffen Klassert
Hi Valery, On Mon, Oct 17, 2022 at 05:10:32PM +0300, Valery Smyslov wrote: > > > > > > > I could guess that the fallback SA *does* require locks. > > > > > > It also seems to me. So I see no difference if the packet > > > can be re-steered to a different CPU, in any case we'll have > > > performan

Re: [IPsec] AD review of draft-ietf-ipsecme-ikev2-multiple-ke-06

2022-10-21 Thread Roman Danyliw
If you have the bandwidth, I would recommend publishing a new draft. The pre-meeting publication cut off is on Oct 24. Having an up to date document is helpful going into the meeting. Roman From: IPsec on behalf of CJ Tjhai Sent: Friday, October 21, 2022 3:08

Re: [IPsec] [Last-Call] Genart last call review of draft-ietf-ipsecme-ikev2-multiple-ke-07

2022-10-21 Thread Russ Housley
These changes resolve my comments. Russ > On Oct 21, 2022, at 2:48 AM, CJ Tjhai > wrote: > > Hi Russ, > > Many thanks for the review of our document. Please see our comments inline > below. The updated version of the draft is available here: > https://github.com/post-quantum/ietf-pq-ikev2/b

Re: [IPsec] Discussion of draft-pwouters-ipsecme-multi-sa-performance

2022-10-21 Thread Paul Wouters
On Oct 21, 2022, at 03:37, Steffen Klassert wrote: > >  > Another possibility would be to use the same keymat on all > percpu SAs You cannot do that. You need to ensure unique IVs for AEAD so you would need to subdivide the IV space. You would also still reach max operations on these SAs on

Re: [IPsec] Discussion of draft-pwouters-ipsecme-multi-sa-performance

2022-10-21 Thread Valery Smyslov
Hi Steffen, > Hi Valery, > > > Then my next question is - how the sending side decides > > whether to one of use per-CPU SAs or the fallback SA? > > My guess that the packet is handled by some kernel thread > > (i.e. by some CPU), so once this CPU figures out that > > it doesn't have an SA - I as

[IPsec] I-D Action: draft-ietf-ipsecme-mib-iptfs-11.txt

2022-10-21 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions WG of the IETF. Title : Definitions of Managed Objects for IP Traffic Flow Security Authors : Don Fedyk

[IPsec] Protocol Action: 'Definitions of Managed Objects for IP Traffic Flow Security' to Proposed Standard (draft-ietf-ipsecme-mib-iptfs-11.txt)

2022-10-21 Thread The IESG
The IESG has approved the following document: - 'Definitions of Managed Objects for IP Traffic Flow Security' (draft-ietf-ipsecme-mib-iptfs-11.txt) as Proposed Standard This document is the product of the IP Security Maintenance and Extensions Working Group. The IESG contact persons are Paul Wo

[IPsec] I-D Action: draft-ietf-ipsecme-ikev2-multiple-ke-08.txt

2022-10-21 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions WG of the IETF. Title : Multiple Key Exchanges in IKEv2 Authors : C. Tjhai M. Tomli

Re: [IPsec] Fwd: New Version Notification for draft-xu-risav-02.txt

2022-10-21 Thread Michael Richardson
Ben Schwartz wrote: > We've just put out an extensively revised version of our RISAV proposal > (the I stands for IPsec). We'd like to start getting feedback from the > IPsec experts. We're also hoping to present this idea and solicit > feedback at IETF 115. Thanks. The questio

Re: [IPsec] Fwd: New Version Notification for draft-xu-risav-02.txt

2022-10-21 Thread Ben Schwartz
On Fri, Oct 21, 2022 at 3:43 PM Michael Richardson wrote: > > Ben Schwartz wrote: > > We've just put out an extensively revised version of our RISAV > proposal > > (the I stands for IPsec). We'd like to start getting feedback from > the > > IPsec experts. We're also hoping to prese

Re: [IPsec] Fwd: New Version Notification for draft-xu-risav-02.txt

2022-10-21 Thread Erik Kline
I suppose you could try to add a "we're exempt from 8200" paragraph and see what happens. You could also just say that ASBRs are presumed to be communicating within a well-managed environment, are often zero or one hops away from one another, and that this environment MUST accommodate the larger M

Re: [IPsec] Fwd: New Version Notification for draft-xu-risav-02.txt

2022-10-21 Thread Michael Richardson
I haven't found in the draft an explanation of where the original source and destination address would go. IPsec SPI are seat specific, the ASBR can't just eat AH headers from packets that were not addressed to it. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.