This draft is missing an important part, which is the actual negotiation of the multiple SAs. A peer willing to set these multiple SAs will have to negotiate them anyway. Some implementations can handle parallel CREATE_CHILD_SA, others cannot, and the negotiation of multiple SAs might take a very long time, at least a time that is not acceptable to high performance tunnels. Since these child SAs need to be created, the one willing to set the multiple SAs can simply start and stop when the responder says stop. In terms of IKEv2 the gains are minimal. The document may add a mechanism similar to address that: https://datatracker.ietf.org/doc/draft-mglt-ipsecme-multiple-child-sa/
However, draft-ponchon-ipsecme-anti-replay-subspaces addresses all of these issues nicely and provides a much more scalable solution. It basically makes - IMO - both -multiple-child-sa and -multi-sa-performance obsolete.

My suggestion is that -multi-sa-performance is being moved to experimental and almost shipped as it is so the work being achieved is documented. This has been some interesting work, but today, I would like the group to spend more cycles on draft-ponchon-ipsecme-anti-replay-subspaces that I consider more promising.

Yours,
Daniel

On Tue, Nov 15, 2022 at 10:51 PM Panwei (William) <william.panwei= [email protected]> wrote:

> Hi,
>
> I've read this draft and support the adoption.
>
> Regards & Thanks!
> Wei PAN (潘伟)
>
> > -----Original Message-----
> > From: IPsec <[email protected]> On Behalf Of Tero Kivinen
> > Sent: Thursday, November 10, 2022 1:35 AM
> > To: [email protected]
> > Subject: [IPsec] IPsecME WG Adoption call for
> > draft-pwouters-ipsecme-multi-sa-performance
> >
> > This is two week working group adoption call for the
> > draft-pwouters-ipsecme-multi-sa-performance. If you support adoption of this
> > document to the IPsecME WG send email to the list before the 2022-11-24.
> >
> > Note, that this is starting point for the document, so if you have any comments
> > send them to list also.
> >
> > There is no specific item for this in our charter, but this should
> > (now) be small enough change to fit in the "minor extensions"
> > category...
> > --
> > [email protected]
> >
> > _______________________________________________
> > IPsec mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/ipsec

--
Daniel Migault
Ericsson
