[IPsec] Comment on draft-ietf-ipsecme-ikev2-resumption-00
"Peny Yang" <peng.yang.chn@gmail.com> Tue, 18 November 2008 06:19 UTC
Hi,

I just went through the updated WG draft and RFC 5077 as well.

In the draft, the new IKE_SESSION_RESUME is defined to present the ticket from the client to the gateway for session resumption. However, this needs to modify the IKEv2 base protocol with new messages and related protection of them. From the implementation point of view, we do not think this modification is small. And, when we consider the case that the session resumption cannot be continued by the gateway, the gateway will reject this message. Then, the regular IKEv2 procedure will be done afterwards. In this case, at least one round trip is wasted.

Also, I checked RFC 5077 as a reference indicated in the charter. It just added a SessionTicket extension to the ClientHello message for presenting the ticket from the client during session resumption.

Solution:
Add a payload in the IKE INIT message for the client to present the index of the ticket to the GW. Then if the GW cannot do the session resumption for some reason, it just sends the IKE INIT response to the client and starts the regular IKEv2 initiation procedure.

IMHO, this way is more efficient and flexible.

Peny