[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKEv2 transport concerns

To: kent@bbn.com
Subject: RE: IKEv2 transport concerns
From: Black_David@emc.com
Date: Fri, 6 Dec 2002 20:46:35 -0500
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

> >>  >I think it needs to be in both places.  We have a one-time
opportunity
> >>  >to avoid the IKEv1 ECN negotiation kludge if all IKEv2
implementations
> >>  >are REQUIRED to handle ECN correctly at tunnel egress.  IMHO, this
> >>  >outcome is important enough to merit specifying the means of
achieving
> >>  >it in both the IKEv2 and RFC2401bis documents.  If we wind up dealing
> >>  >with IKEv2 systems that get this wrong, the negotiation kludge will
be
> >>  >with us for much longer ...
> >>
> >>  David,
> >>
> >>  I don't think the IKE v2 document is the appropriate place to make
> >>  note of the ECN handling you refer to, since it applies to the
> >>  actions performed on the child SAs that IKE establishes, not on the
> >>  IKE SAs, right? It really is a 2401bis matter, I believe.
> >>
> >>  Steve
> >
> >Will 2401bis progress on a timeline that will allow a normative reference
> >to it from IKEv2?  If so having IKEv2 say "MUST do ECN right, see 2401bis
> >for details" would be fine.  I'm concerned that no mention of this at all
in
> >IKEv2 implicitly allows IKEv2 to negotiate 2401classic style tunnel
handling
> >of ECN, and that would be unfortunate.
> 
> David,
> 
> I doubt that IKE v2 and 2401 bis will be issued concurrently. But, my 
> concern is over where a requirement belongs in our documents, more 
> than what gets it out soonest. I recognize the value in the time to 
> market issue you raise, but I think putting requirement in the proper 
> place is more important.
> 
> Steve

Steve,

Would you be amenable to an approach based on a small draft that
contains just the tunnel encapsulation/decapsulation material needed
to specify ECN handling for tunnel-mode SAs?  That could be put
together in short enough order to allow IKEv2 to use a "MUST" to
reference it without delaying IKEv2.  When 2401bis is ready, it
would obsolete both the new small tunnel draft and 2401 itself,
so that the requirement winds up in the right place.  I'll sign
up to write the small ECN handling draft on a schedule that won't
hold up IKEv2.  

If 2401bis gets done faster than expected, the new small ECN handling
draft could vanish without a trace, having served its purposes
of preventing 2401-classic tunnel (mis)handling of ECN in SAs set up
by IKEv2, and allowing us to leave the IKEv1 ECN negotiation
kludge on the scrap heap where it belongs.

Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953 **NEW**     FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------

Follow-Ups:
- Re: IKEv2 transport concerns
  - From: Lars Eggert <larse@ISI.EDU>
- RE: IKEv2 transport concerns
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: speaking of keys
Next by Date: Re: speaking of keys
Prev by thread: RE: IKEv2 transport concerns
Next by thread: Re: IKEv2 transport concerns
Index(es):
- Date
- Thread