Cloning the IKE Security Association in the Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 7791

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Cc: draft-mglt-ipsecme-clone-ike-sa@ietf.org, "The IESG" <iesg@ietf.org>, Kathleen.Moriarty.ietf@gmail.com, kivinen@iki.fi, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'Cloning IKE SA in the Internet Key Exchange Protocol Version 2 (IKEv2)' to Proposed Standard (draft-mglt-ipsecme-clone-ike-sa-09.txt)

The IESG has approved the following document:
- 'Cloning IKE SA in the Internet Key Exchange Protocol Version 2
(IKEv2)'
  (draft-mglt-ipsecme-clone-ike-sa-09.txt) as Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Kathleen Moriarty.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-mglt-ipsecme-clone-ike-sa/


Technical Summary

	This document presents the solution that allows to clone IKEv2
	SA, where an additional SA is derived from an existing one.
	The newly created IKE SA is set without the IKEv2
	authentication exchange. This IKE SA can later be assigned to
	another interface or moved to another cluster mode using
	MOBIKE protocol.

Working Group Summary

	Document was considered for the IPsecME working group, and
	intrest was polled in November 2014. There were only positive
	responses for adopting the draft in the mailing list, but WG
	chairs concluded that there was not sufficient interest (i.e.
	not enough people). There were no controversial points pointed
	out at that point and comments were provided on the list.

Document Quality

	There is no known existing implementations of the protocol.
	There has been few reviews for the core IPsecME WG members,
	which has resulted some changes to the document. 

Personnel

	The Document Shepherd is Tero Kivinen, the responsible Area
	Director is Kathleen Moriarty. 


IANA Note

	This document has two IANA actions. There are no new registries. 
        The actions add two new entries to existing IKEv2 registry. The 
        allocation policy of that registry is Expert review. The IANA 
        considerations section is complete, and includes enough information
        for IANA to complete the protocol actions.

RFC editor note:

Minor nit in the last paragraph of the security considerations
section, add an "a" before the phrase "load-sharing":

Old:
When cloning, an IKE SA is used to build load-balancing systems, then
there is a necessity to transfer IKE SA states between the nodes of
load-sharing cluster.
New:
When cloning, an IKE SA is used to build load-balancing systems, then
there is a necessity to transfer IKE SA states between the nodes of a
load-sharing cluster.