Hello Steffen, Thanks for sharing these references. I would be very interested in discussing these matters during the next meeting.
We have only been following the group activity since very recently, so please apologize us if the new ipsecme-anti-replay-subspaces ID felt like yet-another proposal to the same problem. Our main concern was that the latest discussions we saw on the list were going towards a solution which involved creating more SAs, which we believe would have a significant performance impact. I would really like to be able to discuss more about this, and the pros and cons of the different proposals with you. Looking forward to meeting you in London. Paul Steffen Klassert <steffen.klass...@secunet.com<mailto:steffen.klass...@secunet.com>> writes: > Hi, > > over the last years, quite some work was done from different parties > to overcome some limitations of ESP to handle parallel datapaths, > QoS classes etc. > > Chronologically ordered, we have: > > November 2019: > > https://datatracker.ietf.org/doc/html/draft-mglt-ipsecme-multiple-child-sa-00 > > That was replaced in November 2020 by: > > htpps://datatracker.ietf.org/doc/draft-pwouters-multi-sa-performance/ > > At IETF 108 in July 2020 there was this proposal: > > https://datatracker.ietf.org/meeting/108/materials/slides-108-ipsecme-proposed-improvements-to-esp-01 > > October 2022: > > https://www.ietf.org/archive/id/draft-ponchon-ipsecme-anti-replay-subspaces-00.txt > > Aditionally, Google published the PSP Security Protocol (PSP) for > datacenters in April 2022: > > https://github.com/google/psp > > All these proposals try to solve related problems in different ways. > They all have pros and cons, but the number of proposals shows that > there is a real need to solve these problems better sooner than later. > > So instead of creating even more proposals, we maybe should take a > step back and try to do a clear problem statement. Based on that > we then can rethink about possible solutions. > > The next possibiltiy to sit together for an 'in person' discussion > would be at the IETF Meeting in London. Is there anyone interested > in a sidemeeting about that topic? > > Steffen > > > ______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
