On Wed, May 25, 2022 at 8:15 AM Robert Moskowitz
wrote:
>
>
> On 5/24/22 17:26, Daniel Migault wrote:
>
> The IKE negotiation is for diet-esp is currently defined in a specific
> draft:
>
> https://datatracker.ietf.org/doc/draft-mglt-ipsecme-ikev2-diet-esp-extension/
>
>
> I totally missed this
On 5/24/22 17:26, Daniel Migault wrote:
The IKE negotiation is for diet-esp is currently defined in a specific
draft:
https://datatracker.ietf.org/doc/draft-mglt-ipsecme-ikev2-diet-esp-extension/
I totally missed this draft. It should at least be referenced in
ipsecme-diet-esp.
I will
The IKE negotiation is for diet-esp is currently defined in a specific
draft:
https://datatracker.ietf.org/doc/draft-mglt-ipsecme-ikev2-diet-esp-extension/
I think you are suggesting that the architecture description details what
is negotiated by IKEv2. Am I correct ?
Yours,
Daniel
On Tue, May
Moskowitz
> *Cc:* Paul Wouters ; IPsecME WG <
> ipsec@ietf.org>
> *Subject:* Re: [IPsec] diet-esp - How do you know?
>
>
>
> The issue only comes when a gateway wants to support all sizes of SPIs 0 -
> 1 - 2 - 3 - 4 bytes - which is very unlikely. For a deterministic l
In My Highly Biased Opinion,,,
There should be a section on the IKE negotiation of diet-esp,
specifically calling out how this is done. Especially the incoming SPI
selection.
Then there should be a section, perhaps sub-section of above, on
incoming datagram processing to recognize a
Of Daniel Migault
Sent: Tuesday, May 24, 2022 4:48 PM
To: Robert Moskowitz
Cc: Paul Wouters ; IPsecME WG
Subject: Re: [IPsec] diet-esp - How do you know?
The issue only comes when a gateway wants to support all sizes of SPIs 0 - 1 -
2 - 3 - 4 bytes - which is very unlikely. For a deterministic
The issue only comes when a gateway wants to support all sizes of SPIs 0 -
1 - 2 - 3 - 4 bytes - which is very unlikely. For a deterministic lookup, I
would suggest using IP addresses and the minimum allowed byted compressed
SPI.
If you use 2 - 3 bytes, the likelihood of collision might still be
ethod for achieving this…
>
>
>
> *From:* IPsec *On
> Behalf Of *Paul Wouters
> *Sent:* Tuesday, May 24, 2022 11:14 AM
> *To:* Robert Moskowitz
> *Cc:* IPsecME WG
> *Subject:* Re: [IPsec] diet-esp - How do you know?
>
>
>
>
>
> On Sun
That is the 'easy' part.
What does the code do when it receives an ESP packet? How do it know
that it is a diet-esp packet and apply the rules?
Next Header just says: ESP.
On 5/24/22 16:23, Daniel Migault wrote:
This is correct. IKEv2 is used both to agree on the use of Diet-ESP as
well as
This is correct. IKEv2 is used both to agree on the use of Diet-ESP as well
as values to be used for the compression/decompression.
Yours,
Daniel
On Tue, May 24, 2022 at 11:14 AM Paul Wouters wrote:
>
> On Sun, May 22, 2022 at 9:20 PM Robert Moskowitz
> wrote:
>
>> I think there is something
unreasonable if the diet draft spelled out a
method for achieving this…
*From:* IPsec *On Behalf Of *Paul Wouters
*Sent:* Tuesday, May 24, 2022 11:14 AM
*To:* Robert Moskowitz
*Cc:* IPsecME WG
*Subject:* Re: [IPsec] diet-esp - How do you know?
On Sun, May 22, 2022 at 9:20 PM Robert Moskowitz
a method for
achieving this…
From: IPsec On Behalf Of Paul Wouters
Sent: Tuesday, May 24, 2022 11:14 AM
To: Robert Moskowitz
Cc: IPsecME WG
Subject: Re: [IPsec] diet-esp - How do you know?
On Sun, May 22, 2022 at 9:20 PM Robert Moskowitz
mailto:rgm-...@htt-consult.com>> wrote:
I
On Sun, May 22, 2022 at 9:20 PM Robert Moskowitz
wrote:
> I think there is something else I am missing here.
>
> How does the receiving system 'know' that the packet is a diet-esp packet?
>
https://datatracker.ietf.org/doc/html/draft-mglt-ipsecme-ikev2-diet-esp-extension-02
It's negotiated
13 matches
Mail list logo