Cloning the IKE Security Association in the Internet Key Exchange Protocol Version 2 (IKEv2)
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: "IETF-Announce" <firstname.lastname@example.org> Cc: email@example.com, "The IESG" <firstname.lastname@example.org>, Kathleen.Moriarty.email@example.com, firstname.lastname@example.org, email@example.com Subject: Protocol Action: 'Cloning IKE SA in the Internet Key Exchange Protocol Version 2 (IKEv2)' to Proposed Standard (draft-mglt-ipsecme-clone-ike-sa-09.txt) The IESG has approved the following document: - 'Cloning IKE SA in the Internet Key Exchange Protocol Version 2 (IKEv2)' (draft-mglt-ipsecme-clone-ike-sa-09.txt) as Proposed Standard This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Kathleen Moriarty. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-mglt-ipsecme-clone-ike-sa/
Technical Summary This document presents the solution that allows to clone IKEv2 SA, where an additional SA is derived from an existing one. The newly created IKE SA is set without the IKEv2 authentication exchange. This IKE SA can later be assigned to another interface or moved to another cluster mode using MOBIKE protocol. Working Group Summary Document was considered for the IPsecME working group, and intrest was polled in November 2014. There were only positive responses for adopting the draft in the mailing list, but WG chairs concluded that there was not sufficient interest (i.e. not enough people). There were no controversial points pointed out at that point and comments were provided on the list. Document Quality There is no known existing implementations of the protocol. There has been few reviews for the core IPsecME WG members, which has resulted some changes to the document. Personnel The Document Shepherd is Tero Kivinen, the responsible Area Director is Kathleen Moriarty. IANA Note This document has two IANA actions. There are no new registries. The actions add two new entries to existing IKEv2 registry. The allocation policy of that registry is Expert review. The IANA considerations section is complete, and includes enough information for IANA to complete the protocol actions. RFC editor note: Minor nit in the last paragraph of the security considerations section, add an "a" before the phrase "load-sharing": Old: When cloning, an IKE SA is used to build load-balancing systems, then there is a necessity to transfer IKE SA states between the nodes of load-sharing cluster. New: When cloning, an IKE SA is used to build load-balancing systems, then there is a necessity to transfer IKE SA states between the nodes of a load-sharing cluster.