Re: [IPsec] WESP - Roadmap Ahead

"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Mon, 16 November 2009 06:18 UTC

From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: Tero Kivinen <kivinen@iki.fi>
Date: Mon, 16 Nov 2009 11:48:48 +0530
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: Re: [IPsec] WESP - Roadmap Ahead

 
> 
> It will take several years before implementations start to implement
> WESP, and even more years before hardware chips support WESP. Most of
> the IPsec users are still using IKEv1, even when we published IKEv2
> in 2005, i.e. 4 years ago. And the IKEv2 draft was finished and publication
> was requested at the end of 2003.
> 
> So a stable draft which could be used to implement IKEv2 was ready 6
> years ago, and while there are several implementations out, people are
> still using IKEv1. Also before WESP can be used people would first
> need to move to IKEv2 anyways... 

Not all applications of WESP (or AH and ESP for that matter) would require an IKEv2 negotiation. You could use WESP as a protocol for routing protocol authentication without an IKEv2 extension.

And the reason why you might want to use WESP is to prioritize certain protocol packets over the others, as is normally done for v4 control packets (e.g. OSPFv3 HELLOs and ACKs over other OSPFv3 packets).

Cheers, Manav