On Wed, Dec 4, 2024 at 5:39 PM Tero Kivinen <kivi...@iki.fi> wrote:
> Michael Richardson writes:
> > Tero Kivinen <kivi...@iki.fi> wrote:
> > > Postquantum Cryptography brings new authentication methods. The
> >
> > (rant about "quantum-safe" term omitted)
> >
> > ...
> >
> > > The ESPv3 protocol was defined in 2005 and it has been seen that
> > > there might be some need to make enhancements to it. The working group
> > > will analyze the possible problems and work on solving them. This may
> > > include updating ESP, AH, and/or WESP standards, or result in a new
> > > security protocol.
> >
> > I think "new security protocol" means a new IP protocol=xx mechanism (ESP
> > with a new number), but I think that many people won't understand that.
> > For some, this could mean an entirely new architecture, and I'm sure this
> > wasn't intended. Yes, ESP=Encapsulated *SECURITY PROTOCOL*, but ...
>
> I do not think the working group has decided whether we do a new IP
> protocol number, or whether we do a new format of the ESP frames using
> the old protocol number, or whatever.
>
> > I suggest:
> >
> > > This may
> > > include updating or replacing ESP, AH, and/or WESP standards.
> >
> > (I think we are always enfranchised to ask for a new IPPROTO)
> > and the above is a nit.
>
> Even if we make a new version of ESP, that version might be in
> limited use, and not for general-purpose use cases. My understanding
> is that most of the changes were based on the datacenter use cases
> where they want to peek into the packets and export certain things
> from the inner flow to the outside, and make changes to the ESP frame
> format to make hardware implementations easier etc.
>
> Most of those changes are not something that is needed for road-warrior
> use cases, or VPN connections between two offices etc.
>
> So it might be that we make a new security protocol in addition to ESPv3,
> i.e., ESPv3 is still used for VPN use cases, and then we make EESP
> (or whatever) which has a new IP protocol number, and that is aimed at
> the datacenter use cases.

I tend to think that we may want EESP not updating ESPv3, that is, not becoming ESPv4.

> > Otherwise, I'm very happy with the proposed charter.
>
> I would like to keep the charter a bit open in this regard, i.e.,
> whether we make a new security protocol or update ESPv3 is a bit open,
> but I do not think we are even planning on making a replacement for
> ESPv3, i.e., if we make a new security protocol it will be in addition
> to ESPv3 (i.e., ESPv3 will not be obsoleted by the new version).
> --
> kivi...@iki.fi
>
> _______________________________________________
> IPsec mailing list -- ipsec@ietf.org
> To unsubscribe send an email to ipsec-le...@ietf.org

--
Daniel Migault
Ericsson

_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org