On Fri, Aug 16, 2024 at 08:09:31AM +0000, Panwei (William) wrote:
> Tero Kivinen writes:
>     > I would like to add one more there, i.e., ESN sent as 64-bit sequence
>     > number (i.e. transmitting full ESN value in packet) in such way that you
>     > send lower 32-bits first, and then you add upper 32-bits of the ESN
>     > between SN and payload data, i.e., there would be upper bits of ESN
>     > before first bytes of payload data (IV):
> 
> I do favor transmitting the full 64-bit ESN in packet. And I can add this 
> solution in the next version.
> 
> In fact, this is one candidate solution I considered at the beginning. But I 
> thought modifying the ESP packet format was a very significant change. I was 
> afraid that people would think a new ESP version is required and not accept 
> it by only using this notification. So I was not brave enough to write it in 
> the draft v00.

FYI, when presenting our WESPv2 proposal at the last IETF meeting
we got the recommendation to do a new security protocol and fix
all the issues ESP has at once (instead of reusing something
existing and fixing just some of the issues).

Following that, we are about to write a draft for a 'new ESP'
which transmits the full 64-bit sequence number and removes
the trailer similar as you suggested in 
draft-pan-ipsecme-esp-trailer-adjustment, amongst other things.

That said, if we want to transmit the 64-bit sequence number
in ESP, I'd prefer to transmit the upper 32-bits before
the lower 32-bits. That's easier on the implementation side.

Steffen

_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org
