[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IKEv2 transport concerns
At 8:46 PM -0500 12/6/02, Black_David@emc.com wrote:
> > >> >I think it needs to be in both places. We have a one-time
>opportunity
>> >> >to avoid the IKEv1 ECN negotiation kludge if all IKEv2
>implementations
>> >> >are REQUIRED to handle ECN correctly at tunnel egress. IMHO, this
>> >> >outcome is important enough to merit specifying the means of
>achieving
>> >> >it in both the IKEv2 and RFC2401bis documents. If we wind up dealing
>> >> >with IKEv2 systems that get this wrong, the negotiation kludge will
>be
>> >> >with us for much longer ...
>> >>
>> >> David,
>> >>
>> >> I don't think the IKE v2 document is the appropriate place to make
>> >> note of the ECN handling you refer to, since it applies to the
>> >> actions performed on the child SAs that IKE establishes, not on the
>> >> IKE SAs, right? It really is a 2401bis matter, I believe.
>> >>
>> >> Steve
>> >
>> >Will 2401bis progress on a timeline that will allow a normative reference
>> >to it from IKEv2? If so having IKEv2 say "MUST do ECN right, see 2401bis
>> >for details" would be fine. I'm concerned that no mention of this at all
>in
>> >IKEv2 implicitly allows IKEv2 to negotiate 2401classic style tunnel
>handling
>> >of ECN, and that would be unfortunate.
>>
>> David,
>>
>> I doubt that IKE v2 and 2401 bis will be issued concurrently. But, my
>> concern is over where a requirement belongs in our documents, more
>> than what gets it out soonest. I recognize the value in the time to
>> market issue you raise, but I think putting requirement in the proper
>> place is more important.
>>
>> Steve
>
>Steve,
>
>Would you be amenable to an approach based on a small draft that
>contains just the tunnel encapsulation/decapsulation material needed
>to specify ECN handling for tunnel-mode SAs? That could be put
>together in short enough order to allow IKEv2 to use a "MUST" to
>reference it without delaying IKEv2. When 2401bis is ready, it
>would obsolete both the new small tunnel draft and 2401 itself,
>so that the requirement winds up in the right place. I'll sign
>up to write the small ECN handling draft on a schedule that won't
>hold up IKEv2.
>
>If 2401bis gets done faster than expected, the new small ECN handling
>draft could vanish without a trace, having served its purposes
>of preventing 2401-classic tunnel (mis)handling of ECN in SAs set up
>by IKEv2, and allowing us to leave the IKEv1 ECN negotiation
>kludge on the scrap heap where it belongs.
>
>Thanks,
>--David
David,
I'm in favor of keeping the ECN processing separate from IKE v2, so
to that extent the separate draft sounds good. However, I would like
to be reminded of the reason for having a reference to the separate
draft in IKE v2.
Steve