Recently we ran into a real problem in an IPsec use case: the IKEv2 protocol 
supports a rekey mechanism for the IKE Security Association (SA) and Child SAs, 
but it may result in redundant SAs ([RFC7296], section 2.8.1) when both peers 
start rekeying at the same time.
Although in such a case IKEv2 selects the SA created with the lowest of the four 
nonces and the redundant SA SHOULD be deleted by the endpoint that created it, 
this is not enough.
Frequent rekeying is highly recommended among the standards, but such an 
approach can be non-optimal when SAs are frequently rekeyed, as SAs are 
unnecessarily computed and an additional IKEv2 exchange is added.

So this document defines the Rekeying Priority extension in IKEv2, which enables 
peers to agree on roles for rekeying of Child SAs and to optimize IKEv2 rekey 
negotiation.

The announcement of that draft is below. We would like to work with the 
community to improve and clarify the technical draft.

-----Original Message-----
From: internet-dra...@ietf.org <internet-dra...@ietf.org> 
Sent: Monday, November 22, 2021 2:37 PM
To: Congjie Zhang <congjie.zh...@ericsson.com>; Harold Liu 
<harold....@ericsson.com>; Daniel Migault <daniel.miga...@ericsson.com>
Subject: New Version Notification for 
draft-liu-ipsecme-ikev2-rekey-redundant-sas-00.txt


A new version of I-D, draft-liu-ipsecme-ikev2-rekey-redundant-sas-00.txt
has been successfully submitted by Daiying Liu and posted to the IETF 
repository.

Name:           draft-liu-ipsecme-ikev2-rekey-redundant-sas
Revision:       00
Title:          IKEv2 Rekey Priority Extension
Document date:  2021-11-21
Group:          Individual Submission
Pages:          7
URL:            https://www.ietf.org/archive/id/draft-liu-ipsecme-ikev2-rekey-redundant-sas-00.txt
Status:         https://datatracker.ietf.org/doc/draft-liu-ipsecme-ikev2-rekey-redundant-sas/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-liu-ipsecme-ikev2-rekey-redundant-sas


Abstract:
   This document defines the Internet Key Exchange Version 2 (IKEv2)
   Rekeying Priority extension that enables to agree roles for the next
   rekey of the child SAs and as such optimize IKEv2 rekey negotiation.

                                                                                
  


The IETF Secretariat
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
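
An added illustration, not part of the message above or of the draft: the existing RFC 7296 section 2.8.1 tie-break for a simultaneous Child SA rekey, under which the SA whose exchange carried the lowest of the four nonces (compared octet by octet) is the redundant one and is closed by the endpoint that initiated it. The class, function names and nonce values are assumptions made for this example.

```python
from dataclasses import dataclass

# Nonce Data length limits from RFC 7296 section 3.9 (octets).
NONCE_MIN, NONCE_MAX = 16, 256


@dataclass(frozen=True)
class RekeyExchange:
    """One CREATE_CHILD_SA rekey exchange (field names are illustrative)."""
    initiator: str   # peer that sent the request and so created this SA
    ni: bytes        # initiator nonce carried in the request
    nr: bytes        # responder nonce carried in the response

    def lowest_nonce(self) -> bytes:
        for nonce in (self.ni, self.nr):
            if not NONCE_MIN <= len(nonce) <= NONCE_MAX:
                raise ValueError("nonce length outside 16..256 octets")
        # Python orders bytes octet by octet, and a nonce that is a strict
        # prefix of another sorts lower: the ordering section 2.8.1 asks for.
        return min(self.ni, self.nr)


def resolve_collision(first: RekeyExchange, second: RekeyExchange):
    """Return (kept, redundant) for two colliding rekeys of one Child SA."""
    low_first, low_second = first.lowest_nonce(), second.lowest_nonce()
    if low_first == low_second:
        raise ValueError("identical lowest nonces: no tie-break possible")
    if low_first < low_second:
        return second, first
    return first, second


def demo():
    # Constructed sample nonces, 16 octets each (not from a real capture).
    # 01ff.. sorts below 0200.. octet-wise, whatever the integer values are.
    req_a = RekeyExchange("A", ni=bytes.fromhex("01ff" + "00" * 14),
                          nr=bytes.fromhex("7a" * 16))
    req_b = RekeyExchange("B", ni=bytes.fromhex("02" + "00" * 15),
                          nr=bytes.fromhex("9c" * 16))
    kept, redundant = resolve_collision(req_a, req_b)
    return kept.initiator, redundant.initiator


if __name__ == "__main__":
    kept, redundant = demo()
    print(f"keep SA from {kept}'s exchange; {redundant} sends the Delete")
```

Both peers have already completed a full CREATE_CHILD_SA exchange each by the time this comparison runs, which is the extra computation and extra exchange the message refers to.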
