IPsec Anti-Replay Algorithm without Bit Shifting
draft-zhang-ipsecme-anti-replay-07
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
07 | (System) | post-migration administrative database adjustment to the Yes position for Jari Arkko |
2011-12-12
|
07 | Cindy Morgan | State changed to RFC Ed Queue from Approved-announcement sent. |
2011-10-31
|
07 | Cindy Morgan | IESG state changed to Approved-announcement sent |
2011-10-31
|
07 | Cindy Morgan | IESG has approved the document |
2011-10-31
|
07 | Cindy Morgan | Closed "Approve" ballot |
2011-10-31
|
07 | Cindy Morgan | Approval announcement text changed |
2011-10-31
|
07 | Cindy Morgan | Approval announcement text regenerated |
2011-10-31
|
07 | Cindy Morgan | Ballot writeup text changed |
2011-10-31
|
07 | Jari Arkko | [Ballot comment] Thanks for the revision. |
2011-10-31
|
07 | Jari Arkko | [Ballot Position Update] Position for Jari Arkko has been changed to Yes from Discuss |
2011-10-31
|
07 | (System) | New version available: draft-zhang-ipsecme-anti-replay-07.txt |
2011-10-05
|
06 | (System) | New version available: draft-zhang-ipsecme-anti-replay-06.txt |
2011-10-04
|
(System) | Posted related IPR disclosure: Huawei Technologies Co.,Ltd's Statement about IPR related to draft-zhang-ipsecme-anti-replay-05 | |
2011-09-28
|
05 | (System) | New version available: draft-zhang-ipsecme-anti-replay-05.txt |
2011-09-21
|
07 | Jari Arkko | [Ballot discuss] I believe that either the interoperability considerations for increasing the window should be documented in the draft, or the IESG should add some … [Ballot discuss] I believe that either the interoperability considerations for increasing the window should be documented in the draft, or the IESG should add some warning label as an IESG note to this draft. My recommendation is to add a paragraph that discusses the implications. I'm hoping the authors could suggest text. |
2011-09-15
|
04 | (System) | New version available: draft-zhang-ipsecme-anti-replay-04.txt |
2011-09-08
|
07 | Cindy Morgan | Removed from agenda for telechat |
2011-09-08
|
07 | Cindy Morgan | State changed to IESG Evaluation::AD Followup from IESG Evaluation. |
2011-09-08
|
07 | (System) | [Ballot Position Update] Position for Jari Arkko has been changed to Discuss from No Objection by IESG Secretary |
2011-09-08
|
07 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded |
2011-09-07
|
07 | Jari Arkko | [Ballot comment] We should let this document be published. That being said, I do have a number of comments that are perhaps best directed to … [Ballot comment] We should let this document be published. That being said, I do have a number of comments that are perhaps best directed to the RFC Editor and the authors. >and it reduces the number anti-replay window is adjusted. This text does not parse. > For high-end multi-core network > processor with multiple crypto cores, a window size bigger than 64 or > 128 is need due to the varied IPsec processing latency caused by > different cores. I think it is a very bad idea to use implementation strategies that cause significant packet reordering. In particular, the interoperability implications towards implementations (many) that happen to employ 32 or 64 bit windows... not to mention impacts to higher layer protocols. In my opinion, the document needs to describe its interoperability implications. I'm not sure if the IESG needs to require that or if that's just something that the RFC Editor should ask the authors to do, but this obviously has an affect to the ability of an implementation to work with another one. > In such a case, the window sliding is tremendous > costly even with hardware acceleration to do the bit shifting. Really? In an implementation that has to run complex cryptographic operations on each word in the packet? I can imagine hardware solutions where bit shifting is really easy :-) In any case, isn't this just an example of the use of good old circular buffers (http://en.wikipedia.org/wiki/Circular_buffer)? Elements in the buffer are bits indicating whether or not the sequence number has been seen, and in addition to the circular buffer pointers you have to keep a value that indicates what the first (or last) sequence number in the window is. Then you check for a packet that has been seen with seqno >= windowstart && seqno <= windowstart + WINDOW_SIZE - 1 && circbuffer->table[circbuffer->first + (seqno - windowstart) % WINDOW_SIZE] Or something along those lines. Is this all you are doing, or am I missing something? If so, I found the description in the body of the document unnecessarily complicated. |
2011-09-07
|
07 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded |
2011-09-07
|
07 | Amanda Baber | We understand that this document doesn't need any IANA actions. |
2011-09-07
|
07 | Robert Sparks | [Ballot Position Update] New position, No Objection, has been recorded |
2011-09-07
|
07 | Pete Resnick | [Ballot Position Update] New position, No Objection, has been recorded |
2011-09-07
|
07 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded |
2011-09-06
|
07 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded |
2011-09-06
|
07 | Peter Saint-Andre | [Ballot Position Update] New position, No Objection, has been recorded |
2011-09-06
|
07 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded |
2011-09-06
|
07 | Stephen Farrell | [Ballot comment] - Should this have the vendor name in the title? That'd be the "Futurewei IPsec anti-replay..." - last sentence of abstract is unclear … [Ballot comment] - Should this have the vendor name in the title? That'd be the "Futurewei IPsec anti-replay..." - last sentence of abstract is unclear - I'm not sure what's being reduced. - intro, 2nd sentence: s/The mechanisms/The mechanism/ - introp, last para: s/For high-end/For a high-end/ s/is need/is needed/ - I don't get this: "We hide one block from the window." Probably just needs re-phrasing. |
2011-09-06
|
07 | Stephen Farrell | [Ballot Position Update] New position, No Objection, has been recorded |
2011-09-06
|
07 | Sean Turner | [Ballot Position Update] New position, Yes, has been recorded for Sean Turner |
2011-09-06
|
07 | Sean Turner | Ballot has been issued |
2011-09-06
|
07 | Sean Turner | Created "Approve" ballot |
2011-09-06
|
07 | (System) | Ballot writeup text was added |
2011-09-06
|
07 | (System) | Last call text was added |
2011-09-06
|
07 | (System) | Ballot approval text was added |
2011-08-25
|
07 | Sean Turner | State changed to IESG Evaluation from Publication Requested. |
2011-08-24
|
07 | Sean Turner | Ballot writeup text changed |
2011-08-24
|
07 | Sean Turner | Telechat date has been changed to 2011-09-08 from 2011-08-25 |
2011-08-24
|
07 | Sean Turner | Responsible AD has been changed to Sean Turner from Russ Housley |
2011-08-22
|
07 | Cindy Morgan | The draft draft-draft-zhang-ipsecme-anti-replay-03 is ready for publication from the Independent Stream. Please ask IESG to review it, as set out in RFC 5742. The … The draft draft-draft-zhang-ipsecme-anti-replay-03 is ready for publication from the Independent Stream. Please ask IESG to review it, as set out in RFC 5742. The following is some background for this draft, please forward it to IESG along with this request ... This Informational draft presents an alternate method to do the checks and updates for IP Authentication Header (AH) and algorithm in RFC 4302 and RFC 4303. The new method will obviate the need for bit-shifting, and it reduces the number of times the anti-replay window is adjusted. Sean Turner has reviewed this draft, and helped its authors to improve it. Thanks, Nevil (ISE) -- Nevil Brownlee (ISE), rfc-ise@rfc-editor.org |
2011-08-22
|
07 | Cindy Morgan | Draft added in state Publication Requested |
2011-08-22
|
07 | Cindy Morgan | Placed on agenda for telechat - 2011-08-25 |
2011-08-22
|
07 | Cindy Morgan | [Note]: 'ISE Submission' added |
2011-08-18
|
03 | (System) | New version available: draft-zhang-ipsecme-anti-replay-03.txt |
2011-06-28
|
02 | (System) | New version available: draft-zhang-ipsecme-anti-replay-02.txt |
2011-06-20
|
(System) | Posted related IPR disclosure: IBM Corporation's Statement about IPR related to draft-zhang-ipsecme-anti-replay-01 | |
2011-06-10
|
01 | (System) | New version available: draft-zhang-ipsecme-anti-replay-01.txt |
2011-05-10
|
00 | (System) | New version available: draft-zhang-ipsecme-anti-replay-00.txt |