Hi Valery, Thank you for the prompt answer. This is somehow what I have expected. Just wanted to double check. So there is at least the chance to proceed with the approach picked in RFC 8052. It still requires specification, but allows for taking the same approach. This would be important to have at least the same semantic of the payloads.
That already answers my question. Best regards Steffen From: Valery Smyslov <smyslov.i...@gmail.com> Sent: Monday, February 5, 2024 8:52 AM To: Fries, Steffen (T CST) <steffen.fr...@siemens.com>; ipsec@ietf.org Subject: RE: [IPsec] GDOI and G-IKEv2 payloads Hi, Steffen, in general, G-IKEv2 is not backward compatible with GDOI (likewise IKEv2 is not backward compatible with IKEv1). For this reason extensions defined for G-DOI should be redefined for G-IKEv2 (once it becomes an RFC). >From my reading of RFC 8052, it doesn't define new payloads for GDOI, instead >new ID type, Protocol ID etc. are specified. The same approach could be used for G-IKEv2 too. Regards, Valery. Hi, I've got a question regarding the relation of G-IKEv2 and GDOI. I realized that G-IKEv2 will be the successor of GDOI and would have a question regarding backward compatibility of payloads defined for GDOI. As the underlying exchanges for the base key management changed from IKE to IKEv2 they will not be backward compatible. Nevertheless, there have been enhancements of GDOI for protocols used in the power system domain like GOOSE and Sampled Values, which lead to the definition of new payloads for the ID, SA TEK and KD payloads to accommodate the power system protocol parameters in RFC 8052. Likewise, using the same approach new payloads of the same types have been defined to distribute parameters for PTP (Precision Time Protocol) in IEC 62351-9. In general, I realized that there are similar payloads available in G-IKEv2 but I was not quite sure, if it was a design criterion to have backward compatibility for extensions/enhancements defined for GDOI to be usable also in G-IKEv2. Could you please shed some light on this? Best regards Steffen -- Steffen Fries Siemens AG Technology Cybersecurity & Trust T CST Otto-Hahn-Ring 6 81739 Munich, Germany Phone: +49 (89) 7805-22928 mailto:steffen.fr...@siemens.com www.siemens.com [Logo] Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann Snabe; Managing Board: Roland Busch, Chairman, President and Chief Executive Officer; Cedrik Neike, Matthias Rebellius, Ralf P. Thomas, Judith Wiese; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin-Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
