Hi folks,

As a follow-up to the previous discussion about the ESN and anti-replay 
entanglement problem, we've prepared a draft: 
https://datatracker.ietf.org/doc/draft-pan-ipsecme-anti-replay-notification/

The current draft mainly wants to highlight the problem.
It also gives a preliminary solution of adding anti-replay status notification 
in IKEv2 to fulfill the requirement in RFC 4303 and RFC 4303.
Whether to unbind ESN from anti-replay needs more discussion and 
feedback, and can be updated into the draft in the future if people want.

Comments and reviews are more than welcome.

Regards & Thanks!
Wei PAN (潘伟)

-----Original Message-----
From: I-D-Announce <i-d-announce-boun...@ietf.org> On Behalf Of 
internet-dra...@ietf.org
Sent: Monday, March 4, 2024 3:19 PM
To: i-d-annou...@ietf.org
Subject: I-D Action: draft-pan-ipsecme-anti-replay-notification-00.txt

Internet-Draft draft-pan-ipsecme-anti-replay-notification-00.txt is now 
available.

   Title:   IKEv2 Support for Anti-Replay Status Notification
   Authors: Wei Pan
            Qi He
            Paul Wouters
   Name:    draft-pan-ipsecme-anti-replay-notification-00.txt
   Pages:   7
   Dates:   2024-03-03

Abstract:

   RFC 4302 and RFC 4303 specify that, during Security Association (SA)
   establishment, IPsec implementation should notify the peer if it will
   not provide anti-replay protection, to avoid having the peer do
   unnecessary sequence number monitoring and SA setup.

   This document defines the ANTI_REPLAY_STATUS Notify Message Status
   Type Payload in the Internet Key Exchange Protocol Version 2 (IKEv2)
   to inform the peers of their own anti-replay status when creating the
   IPsec SAs, to fulfill the above requirement.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-pan-ipsecme-anti-replay-notification/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-pan-ipsecme-anti-replay-notification-00.html

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts


_______________________________________________
I-D-Announce mailing list
i-d-annou...@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
