Skip to main content

Implicit Initialization Vector (IV) for Counter-Based Ciphers in Encapsulating Security Payload (ESP)
draft-ietf-ipsecme-implicit-iv-11

Revision differences

Document history

Date Rev. By Action
2020-03-09
11 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2020-03-09
11 (System) RFC Editor state changed to AUTH48 from EDIT
2020-03-02
11 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2020-01-28
11 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2019-11-11
11 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on Authors
2019-11-08
11 (System) IANA Action state changed to Waiting on Authors from In Progress
2019-11-08
11 (System) IANA Action state changed to In Progress from Waiting on Authors
2019-11-08
11 (System) IANA Action state changed to Waiting on Authors from In Progress
2019-11-07
11 (System) RFC Editor state changed to EDIT
2019-11-07
11 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2019-11-07
11 (System) Announcement was received by RFC Editor
2019-11-07
11 (System) IANA Action state changed to In Progress
2019-11-07
11 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2019-11-07
11 Amy Vezza IESG has approved the document
2019-11-07
11 Amy Vezza Closed "Approve" ballot
2019-11-07
11 Amy Vezza Ballot approval text was generated
2019-11-07
11 Alexey Melnikov IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::Point Raised - writeup needed
2019-10-22
11 Daniel Migault New version available: draft-ietf-ipsecme-implicit-iv-11.txt
2019-10-22
11 (System) New version approved
2019-10-22
11 (System) Request for posting confirmation emailed to previous authors: Tobias Guggemos , Daniel Migault , Yoav Nir
2019-10-22
11 Daniel Migault Uploaded new revision
2019-10-21
10 Daniel Migault New version available: draft-ietf-ipsecme-implicit-iv-10.txt
2019-10-21
10 (System) New version approved
2019-10-21
10 (System) Request for posting confirmation emailed to previous authors: Tobias Guggemos , Daniel Migault , Yoav Nir
2019-10-21
10 Daniel Migault Uploaded new revision
2019-10-18
09 Daniel Migault New version available: draft-ietf-ipsecme-implicit-iv-09.txt
2019-10-18
09 (System) New version approved
2019-10-18
09 (System) Request for posting confirmation emailed to previous authors: Tobias Guggemos , Daniel Migault , Yoav Nir
2019-10-18
09 Daniel Migault Uploaded new revision
2019-10-18
08 Gunter Van de Velde Assignment of request for Last Call review by OPSDIR to Menachem Dodge was marked no-response
2019-10-18
08 Gunter Van de Velde Assignment of request for Last Call review by OPSDIR to Menachem Dodge was marked no-response
2019-10-17
08 Cindy Morgan IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation
2019-10-17
08 Michelle Cotton IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed
2019-10-17
08 Martin Vigoureux [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux
2019-10-16
08 Éric Vyncke
[Ballot comment]
Thank you for addressing the DISCUSS and my COMMENTS.

I leave my previous comments here for log purpose

== COMMENTS ==
-- Section …
[Ballot comment]
Thank you for addressing the DISCUSS and my COMMENTS.

I leave my previous comments here for log purpose

== COMMENTS ==
-- Section 5 --
C.1) "inside the SA Payload" probably worth being a little more descriptive here (for instance, "SA payload in the IKE exchange" ?).  Also suggest to use "IKE Initiator Behavior" for the section title.

-- Section 8 --
C.2) please use the usual text for IANA considerations (notably asking IANA to register as this is not this document that registers the codes).

== NITS ==

In several places, s/8 byte nonce/8-byte nonce/
2019-10-16
08 Éric Vyncke [Ballot Position Update] Position for Éric Vyncke has been changed to No Objection from Discuss
2019-10-16
08 Benjamin Kaduk
[Ballot comment]
Thanks for addressing my Discuss!

A few new comments on the -08:

Abstract

If we're going to differentiate between nonce and IV, I …
[Ballot comment]
Thanks for addressing my Discuss!

A few new comments on the -08:

Abstract

If we're going to differentiate between nonce and IV, I think that
the algorithms require a unique but not necessarily unpredictable *nonce*,
rather than *IV*.

Section 2

nit: s/Initialize/Initialization/

nit: s/similar mechanism/similar mechanisms/ plural

Section 7

My previous ballot was trying to note that the sender/receiver counters
MUST be reset (as noted here) even without this document, as part of
the core ESP requirements.  So we don't need to use the "MUST" here as
if it's a new requirement; we can just say that this behavior is already
present due to the preexisting requirements
2019-10-16
08 Benjamin Kaduk [Ballot Position Update] Position for Benjamin Kaduk has been changed to No Objection from Discuss
2019-10-16
08 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2019-10-16
08 Daniel Migault New version available: draft-ietf-ipsecme-implicit-iv-08.txt
2019-10-16
08 (System) New version accepted (logged-in submitter: Daniel Migault)
2019-10-16
08 Daniel Migault Uploaded new revision
2019-10-16
07 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2019-10-15
07 Adam Roach
[Ballot comment]
Thanks for the work on this mechanism. I have no substantive comments
beyond those that have already been shared, although I do have …
[Ballot comment]
Thanks for the work on this mechanism. I have no substantive comments
beyond those that have already been shared, although I do have some
minor editorial comments.

---------------------------------------------------------------------------

§2:

>  In some context, such as IoT, it may be preferable to avoid carrying

Nit: "...some contexts..."

---------------------------------------------------------------------------

§5:

>  An initiator supporting this feature SHOULD propose implicit IV
>  algorithms in the Transform Type 1 (Encryption Algorithm)
>  Substructure of the Proposal Substructure inside the SA Payload.

Please expand "SA" on first use.

---------------------------------------------------------------------------

> 7.  Security Consideration

Nit: "Considerations"

---------------------------------------------------------------------------

§7:

>  extensions ([RFC6311], [RFC7383]) do allow it to repeat, so there is
>  no an easy way to derive unique IV from IKEv2 header fields.

Nit: "...not an easy way..."
2019-10-15
07 Adam Roach [Ballot Position Update] New position, Yes, has been recorded for Adam Roach
2019-10-15
07 Suresh Krishnan [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan
2019-10-15
07 Barry Leiba [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba
2019-10-15
07 Ignas Bagdonas [Ballot Position Update] New position, No Objection, has been recorded for Ignas Bagdonas
2019-10-15
07 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2019-10-15
07 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded for Magnus Westerlund
2019-10-15
07 Warren Kumari
[Ballot comment]
I'll trust the Security ADs to determine the security properties of non-random IV's.

I also have a small nit:

4.  Implicit IV
  …
[Ballot comment]
I'll trust the Security ADs to determine the security properties of non-random IV's.

I also have a small nit:

4.  Implicit IV
  With the algorithms listed in Section 2, the 8 byte nonce MUST NOT
  repeat.

I don't see what "8 byte" adds to this sentence -- sure, bits are cheap, but I spent a while trying to figure out if there is another, non-8 byte IV that can repeat, or that some other nonces are allowed to, etc.
2019-10-15
07 Warren Kumari [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari
2019-10-15
07 Roman Danyliw
[Ballot comment]
** I support the DISCUSS position held by Ben Kaduk.  (Derived from Magnus Nystrom’s SECDIR review) The abstract, Section 2, Section 4 and …
[Ballot comment]
** I support the DISCUSS position held by Ben Kaduk.  (Derived from Magnus Nystrom’s SECDIR review) The abstract, Section 2, Section 4 and Section 7 make references to AES-GCM, AES-CCM, AES-CTR and ChaCha20-Poly1305 (four algorithms).  However, Section 4 also states “This document solely defines the IV generation of the algorithms defined in [RFC4106] for AES-GCM, [RFC4309] for AES-CCM and [RFC7634] for ChaCha20-Poly1305” (i.e., AES-CTR is missing).  Likewise, no new code point is assigned for AES-CTR in Section 8.  If AES-CTR is not in scope, then please don’t mention it in the draft.  If it was missed from Section 4 and 8, please add it.

** Section 7. I’m having difficulty reconciling these two sentences:

(1)  Nonce generation for these algorithms has not been explicitly defined.”

(2) This document provides an explicit and normative way to generate IVs.

Isn’t this text saying the Nonce = Sequence number = IV?

** Section 7.  Editorial. s/the IV is not allowed being repeated for one particular key./the IV is not allowed to be repeated for a particular key./

** Section 7.  Editorial.  s/The Message-ID field in IKEv2 header is somewhat counterpart of SN field in ESP header, but recent …/The Message-ID field in IKEv2 header is similar to the SN field in ESP header.  However recent …/
2019-10-15
07 Roman Danyliw [Ballot Position Update] New position, No Objection, has been recorded for Roman Danyliw
2019-10-14
07 Benjamin Kaduk [Ballot discuss]
Please address the issue raised by the secdir reviewer where AES-CTR is
covered in the text but no codepoint allocated.
2019-10-14
07 Benjamin Kaduk
[Ballot comment]
Section 2

nit: s/In some context/In some contexts/

  This document limits its scope to the algorithms mentioned above.
  Other algorithms with …
[Ballot comment]
Section 2

nit: s/In some context/In some contexts/

  This document limits its scope to the algorithms mentioned above.
  Other algorithms with similar properties may later be defined to use
  this extension.

I'd suggest rewording this part; the "extension" here is just the
per-algorithm codepoint for the IIV variant of the encryption transform,
so what would be reused is probably better described as a "mechanism" or
similar than an "extension".

Section 4.

  With the algorithms listed in Section 2, the 8 byte nonce MUST NOT
  repeat.  The binding between a ESP packet and its nonce is provided

I suggest s/MUST NOT repeat/MUST NOT repeat for a given key/.
nit: s/a ESP/an ESP/

Section 4

  This document solely defines the IV generation of the algorithms
  defined in [RFC4106] for AES-GCM, [RFC4309] for AES-CCM and [RFC7634]
  for ChaCha20-Poly1305.  Any other aspect (including using the Key
  Length attribute) of applying those ciphers with the new Transform
  Types defined in this document MUST be taken from the documents
  defining the use of the algorithms in ESP.

I suggest s/defines/modifies/; the whole paragraph is slightly confusing
to read and could perhaps be reworded to something like "This document
solely modifies the IV generation for the algorithms defined in
[RFC4106] for AES-GCM, [RFC4309] for AES-CCM and [RFC7634] for
ChaCha20-Poly1305.  All other aspects and parameters of those algorithms
are unchanged, and are used as defined in their respective
specifications."

Section 7

nit: the title should be "Security Considerations" plural.

I suggest to reiterate the RFC 4303 requirement for SAs to be closed or
rekeyed before sequence numbers grow too large to fit in 32 bits (for
"legacy" Sequence Number) or 64 bits for ESN.  This prevents sequence
number overlaps for the mundane point-to-point case.

  This document defines three new encryption transforms that use
  implicit IV.  Unlike most encryption transforms defined to date,
  which can be used for both ESP and IKEv2, these transforms are
  defined for ESP only and cannot be used in IKEv2.  The reason is that
  IKEv2 messages don't contain unique per-message value, that can be
  used for IV generation.  The Message-ID field in IKEv2 header is

nit: s/unique/a unique/
nit: s/value,/value/
2019-10-14
07 Benjamin Kaduk [Ballot Position Update] New position, Discuss, has been recorded for Benjamin Kaduk
2019-10-14
07 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2019-10-14
07 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Magnus Nystrom. Submission of review completed at an earlier date.
2019-10-13
07 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Magnus Nystrom.
2019-10-11
07 Mirja Kühlewind [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind
2019-10-11
07 Éric Vyncke
[Ballot discuss]
Thank you for the work put into this document. I am trusting the security AD to check whether it is safe not to …
[Ballot discuss]
Thank you for the work put into this document. I am trusting the security AD to check whether it is safe not to have a 'random' IV. I have one trivial-to-fix DISCUSS and a couple of COMMENTs.

It is also unclear at first sight whether the 'nonce' built from the sequence number is actually the IIV.

Regards,

-éric

== DISCUSS ==

-- Section 1 --
D.1) Please use the RFC 8174 template ;)
2019-10-11
07 Éric Vyncke
[Ballot comment]
== COMMENTS ==
-- Section 5 --
C.1) "inside the SA Payload" probably worth being a little more descriptive here (for instance, "SA …
[Ballot comment]
== COMMENTS ==
-- Section 5 --
C.1) "inside the SA Payload" probably worth being a little more descriptive here (for instance, "SA payload in the IKE exchange" ?).  Also suggest to use "IKE Initiator Behavior" for the section title.

-- Section 8 --
C.2) please use the usual text for IANA considerations (notably asking IANA to register as this is not this document that registers the codes).

== NITS ==

In several places, s/8 byte nonce/8-byte nonce/
2019-10-11
07 Éric Vyncke [Ballot Position Update] New position, Discuss, has been recorded for Éric Vyncke
2019-10-08
07 Amy Vezza Placed on agenda for telechat - 2019-10-17
2019-10-08
07 Alexey Melnikov IESG state changed to IESG Evaluation from Waiting for Writeup
2019-10-08
07 Alexey Melnikov Ballot has been issued
2019-10-08
07 Alexey Melnikov [Ballot Position Update] New position, Yes, has been recorded for Alexey Melnikov
2019-10-08
07 Alexey Melnikov Created "Approve" ballot
2019-10-08
07 Alexey Melnikov Ballot writeup was changed
2019-10-07
07 (System) IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed
2019-10-07
07 Sabrina Tanamal
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-ipsecme-implicit-iv-07. If any part of this review is inaccurate, please let …
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has completed its review of draft-ietf-ipsecme-implicit-iv-07. If any part of this review is inaccurate, please let us know.

The IANA Functions Operator understands that, upon approval of this document, there is a single action which we must complete.

In the Transform Type 1 - Encryption Algorithm Transform IDs subregistry of the IKEv2 Transform Attribute Types registry on the Internet Key Exchange Version 2 (IKEv2) Parameters registry page located at:

https://www.iana.org/assignments/ikev2-parameters/

the following existing registrations will have their references changed to [ RFC-to-be ]:

Number: 29
Name: ENCR_AES_CCM_8_IIV
ESP Reference: [ RFC-to-be ]
IKEv2 Reference: Not Allowed

Number: 30
Name: ENCR_AES_GCM_16_IIV
ESP Reference: [ RFC-to-be ]
IKEv2 Reference: Not Allowed

Number: 31
Name: ENCR_CHACHA20_POLY1305_IIV
ESP Reference: [ RFC-to-be ]
IKEv2 Reference: Not Allowed

The IANA Functions Operator understands that this is the only action required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist
2019-10-07
07 (System) IESG state changed to Waiting for Writeup from In Last Call
2019-10-01
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Menachem Dodge
2019-10-01
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Menachem Dodge
2019-10-01
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Menachem Dodge
2019-10-01
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Menachem Dodge
2019-09-27
07 Joel Halpern Request for Last Call review by GENART Completed: Ready. Reviewer: Joel Halpern. Sent review to list.
2019-09-26
07 Jean Mahoney Request for Last Call review by GENART is assigned to Joel Halpern
2019-09-26
07 Jean Mahoney Request for Last Call review by GENART is assigned to Joel Halpern
2019-09-26
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Magnus Nystrom
2019-09-26
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Magnus Nystrom
2019-09-23
07 Cindy Morgan IANA Review state changed to IANA - Review Needed
2019-09-23
07 Cindy Morgan
The following Last Call announcement was sent out (ends 2019-10-07):

From: The IESG
To: IETF-Announce
CC: ipsecme-chairs@ietf.org, draft-ietf-ipsecme-implicit-iv@ietf.org, Tero Kivinen , kivinen@iki.fi, …
The following Last Call announcement was sent out (ends 2019-10-07):

From: The IESG
To: IETF-Announce
CC: ipsecme-chairs@ietf.org, draft-ietf-ipsecme-implicit-iv@ietf.org, Tero Kivinen , kivinen@iki.fi, ipsec@ietf.org, alexey.melnikov@isode.com
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Implicit IV for Counter-based Ciphers in Encapsulating Security Payload (ESP)) to Proposed Standard


The IESG has received a request from the IP Security Maintenance and
Extensions WG (ipsecme) to consider the following document: - 'Implicit IV
for Counter-based Ciphers in Encapsulating Security
  Payload (ESP)'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2019-10-07. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


  Encapsulating Security Payload (ESP) sends an initialization vector
  (IV) or nonce in each packet.  The size of IV depends on the applied
  transform, being usually 8 or 16 octets for the transforms defined by
  the time this document is written.  Some algorithms such as AES-GCM,
  AES-CCM, AES-CTR and ChaCha20-Poly1305 require a unique nonce but do
  not require an unpredictable nonce.  When using such algorithms the
  packet counter value can be used to generate a nonce.  This avoids
  sending the nonce itself, and saves in the case of AES-GCM, AES-CCM,
  AES-CTR and ChaCha20-Poly1305 8 octets per packet.  This document
  describes how to do this.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-implicit-iv/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-implicit-iv/ballot/


No IPR declarations have been submitted directly on this I-D.




2019-09-23
07 Cindy Morgan IESG state changed to In Last Call from Last Call Requested
2019-09-23
07 Alexey Melnikov Last call was requested
2019-09-23
07 Alexey Melnikov Last call announcement was generated
2019-09-23
07 Alexey Melnikov Ballot approval text was generated
2019-09-23
07 Alexey Melnikov Ballot writeup was generated
2019-09-23
07 Alexey Melnikov IESG state changed to Last Call Requested from AD Evaluation
2019-09-23
07 Alexey Melnikov IESG state changed to AD Evaluation from Publication Requested
2019-09-23
07 Benjamin Kaduk Shepherding AD changed to Alexey Melnikov
2019-07-22
07 Tero Kivinen Added to session: IETF-105: ipsecme  Tue-1520
2019-04-06
07 Daniel Migault New version available: draft-ietf-ipsecme-implicit-iv-07.txt
2019-04-06
07 (System) New version approved
2019-04-06
07 (System) Request for posting confirmation emailed to previous authors: Tobias Guggemos , Daniel Migault , Yoav Nir
2019-04-06
07 Daniel Migault Uploaded new revision
2019-03-27
06 Cindy Morgan Shepherding AD changed to Benjamin Kaduk
2019-03-14
06 Tero Kivinen Added to session: IETF-104: ipsecme  Thu-1050
2019-03-11
06 Tero Kivinen
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated …
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

The intended status is Proposed Standard. The document defines a protocol and for interoperability
the Internet Standard status is appropriated.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  Relevant content can frequently be found in the abstract
  and/or introduction of the document. If not, this may be
  an indication that there are deficiencies in the abstract
  or introduction.

This document defines a way to omit the nonce from ESP packets when using algorithms for which the
nonce is entirely predictable and calculable from the packet counter. This reduces per-packet
overhead by 8 octets.

Working Group Summary

  Was there anything in WG process that is worth noting? For
  example, was there controversy about particular points or
  were there decisions where the consensus was particularly
  rough?

The document has been highly reviewed and discussed and presented during
meetings and through the mailing list.

The implicit iv draft was first expressed in
[draft-mglt-ipsecme-diet-esp] { 00: March 2014, 01 Jul 2014 } and
presented during the IETF89 in London on March 2014 at the ipsecme
session [1]. The discussions lead to the following draft focusing on
implicit IV within the ipsecme WG :
[draft-mglt-ipsecme-diet-esp-iv-generation ] { 00 : Jul 2014 }. We were
suggested then to move this work in 6lo with lead to the following draft
[draft-mglt-6lo-aes-implicit-iv] { 00 : Dec 2014, 01 : Feb 2015} that
have been presented in the IETF 92 ipsecme session [2]. Implicit IV as
well as diet-esp has been presented in the IETF96 in Berlin [3] in July
2016, where 6lo chairs and ipsecme chairs agree that the right place to host
this work was ipsecme. [draft-mglt-ipsecme-implicit-iv] was then release
in June 2016 and adopted as a WG document in November 2017. This draft extended the work from AES
to ChaCha20Poly1305.  The document has been presented to the ipsecme WG during the IETF89 [1],
IETF92[2], IETF96[3], IETF97[5], IETF98[6], IETF99[7].

[draft-mglt-ipsecme-diet-esp] https://datatracker.ietf.org/doc/draft-mglt-ipsecme-diet-esp/
[draft-mglt-ipsecme-implicit-iv] https://datatracker.ietf.org/doc/draft-ietf-ipsecme-implicit-iv/
[1] https://www.ietf.org/proceedings/89/slides/slides-89-ipsecme-3.pdf
[2] https://www.ietf.org/proceedings/92/slides/slides-92-ipsecme-3.pdf
[3] https://www.ietf.org/proceedings/96/slides/slides-96-6lo-9.pdf
[4] https://www.ietf.org/proceedings/96/slides/slides-96-ipsecme-0.pdf
[5] https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-draft-ietf-ipsecme-eddsa-draft-mglt-ipsecme-implicit-iv-00.pdf
[6] https://www.ietf.org/proceedings/98/slides/slides-98-ipsecme-implicit-iv-00.pdf
[7] https://datatracker.ietf.org/meeting/99/materials/slides-99-ipsecme-implicit-iv-00

Document Quality

  Are there existing implementations of the protocol? Have a
  significant number of vendors indicated their plan to
  implement the specification? Are there any reviewers that
  merit special mention as having done a thorough review,
  e.g., one that resulted in important changes or a
  conclusion that the document had no substantive issues? If
  there was a MIB Doctor, Media Type or other expert review,
  what was its course (briefly)? In the case of a Media Type
  review, on what date was the request posted?

Apple has reported to have a kernel implementation. During the DevNet
conference in Montreal, the IPsec maintainer of Linux mentioned that he
is he waiting to have this as an RFC before implementing it. This does
not necessarily means that will be its highest priority.  There are
implementations based in C/Python scripts as well as ongoing
implementations on Riot. 

Personnel

  Who is the Document Shepherd? Who is the Responsible Area
  Director?

Tero Kivinen is the document shepherd and Eric Rescorla is the responsible AD.

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

The document has been discussed with the WG. The current version has
already been reviewed by the AD. We believe the document is ready.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

No.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

No.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

No concerns.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

The author has confirmed that they are not aware of any undisclosed IPR associated with this document.

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

There have been no IPR disclosures.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

There is a WG consensus. Three different ways has been proposed to the
WG and the current consensus regarding the design and the IKEv2
negotiation.

Three ways were proposed to implement it:
* An Implicit IV Transform Transform Type.
* An Implicit IV Transform ID ( the solution considered)
* An Implicit IV Transform Attribute

Regarding the implicit IV protocol, there has been some discussions for
not using implicit iv with IKEv2 or with multicast. These scenario have
clearly been excluded in the current document.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

No.

(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

No nits found.

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

The document does not need additional reviews.

(13) Have all references within this document been identified as
either normative or informative?

Yes

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

No.

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

No.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

No.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

Code points have already been allocated by IANA.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

Code points have already been allocated by IANA.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

checks are those provided by the submission web pages: nits.

2019-03-11
06 Tero Kivinen Responsible AD changed to Eric Rescorla
2019-03-11
06 Tero Kivinen IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2019-03-11
06 Tero Kivinen IESG state changed to Publication Requested from I-D Exists
2019-03-11
06 Tero Kivinen IESG process started in state Publication Requested
2019-03-11
06 Tero Kivinen Notification list changed to Tero Kivinen <kivinen@iki.fi>
2019-03-11
06 Tero Kivinen Document shepherd changed to Tero Kivinen
2019-03-11
06 Tero Kivinen Changed consensus to Yes from Unknown
2019-03-11
06 Tero Kivinen Intended Status changed to Proposed Standard from None
2019-03-11
06 Tero Kivinen
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated …
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

The intended status is Proposed Standard. The document defines a protocol and for interoperability
the Internet Standard status is appropriated.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  Relevant content can frequently be found in the abstract
  and/or introduction of the document. If not, this may be
  an indication that there are deficiencies in the abstract
  or introduction.

This document defines a way to omit the nonce from ESP packets when using algorithms for which the
nonce is entirely predictable and calculable from the packet counter. This reduces per-packet
overhead by 8 octets.

Working Group Summary

  Was there anything in WG process that is worth noting? For
  example, was there controversy about particular points or
  were there decisions where the consensus was particularly
  rough?

The document has been highly reviewed and discussed and presented during
meetings and through the mailing list.

The implicit iv draft was first expressed in
[draft-mglt-ipsecme-diet-esp] { 00: March 2014, 01 Jul 2014 } and
presented during the IETF89 in London on March 2014 at the ipsecme
session [1]. The discussions lead to the following draft focusing on
implicit IV within the ipsecme WG :
[draft-mglt-ipsecme-diet-esp-iv-generation ] { 00 : Jul 2014 }. We were
suggested then to move this work in 6lo with lead to the following draft
[draft-mglt-6lo-aes-implicit-iv] { 00 : Dec 2014, 01 : Feb 2015} that
have been presented in the IETF 92 ipsecme session [2]. Implicit IV as
well as diet-esp has been presented in the IETF96 in Berlin [3] in July
2016, where 6lo chairs and ipsecme chairs agree that the right place to host
this work was ipsecme. [draft-mglt-ipsecme-implicit-iv] was then release
in June 2016 and adopted as a WG document in November 2017. This draft extended the work from AES
to ChaCha20Poly1305.  The document has been presented to the ipsecme WG during the IETF89 [1],
IETF92[2], IETF96[3], IETF97[5], IETF98[6], IETF99[7].

[draft-mglt-ipsecme-diet-esp] https://datatracker.ietf.org/doc/draft-mglt-ipsecme-diet-esp/
[draft-mglt-ipsecme-implicit-iv] https://datatracker.ietf.org/doc/draft-ietf-ipsecme-implicit-iv/
[1] https://www.ietf.org/proceedings/89/slides/slides-89-ipsecme-3.pdf
[2] https://www.ietf.org/proceedings/92/slides/slides-92-ipsecme-3.pdf
[3] https://www.ietf.org/proceedings/96/slides/slides-96-6lo-9.pdf
[4] https://www.ietf.org/proceedings/96/slides/slides-96-ipsecme-0.pdf
[5] https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-draft-ietf-ipsecme-eddsa-draft-mglt-ipsecme-implicit-iv-00.pdf
[6] https://www.ietf.org/proceedings/98/slides/slides-98-ipsecme-implicit-iv-00.pdf
[7] https://datatracker.ietf.org/meeting/99/materials/slides-99-ipsecme-implicit-iv-00

Document Quality

  Are there existing implementations of the protocol? Have a
  significant number of vendors indicated their plan to
  implement the specification? Are there any reviewers that
  merit special mention as having done a thorough review,
  e.g., one that resulted in important changes or a
  conclusion that the document had no substantive issues? If
  there was a MIB Doctor, Media Type or other expert review,
  what was its course (briefly)? In the case of a Media Type
  review, on what date was the request posted?

Apple has reported to have a kernel implementation. During the DevNet
conference in Montreal, the IPsec maintainer of Linux mentioned that he
is he waiting to have this as an RFC before implementing it. This does
not necessarily means that will be its highest priority.  There are
implementations based in C/Python scripts as well as ongoing
implementations on Riot. 

Personnel

  Who is the Document Shepherd? Who is the Responsible Area
  Director?

Tero Kivinen is the document shepherd and Eric Rescorla is the responsible AD.

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

The document has been discussed with the WG. The current version has
already been reviewed by the AD. We believe the document is ready.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

No.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

No.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

No concerns.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

The author has confirmed that they are not aware of any undisclosed IPR associated with this document.

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

There have been no IPR disclosures.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

There is a WG consensus. Three different ways has been proposed to the
WG and the current consensus regarding the design and the IKEv2
negotiation.

Three ways were proposed to implement it:
* An Implicit IV Transform Transform Type.
* An Implicit IV Transform ID ( the solution considered)
* An Implicit IV Transform Attribute

Regarding the implicit IV protocol, there has been some discussions for
not using implicit iv with IKEv2 or with multicast. These scenario have
clearly been excluded in the current document.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

No.

(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

No nits found.

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

The document does not need additional reviews.

(13) Have all references within this document been identified as
either normative or informative?

Yes

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

No.

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

No.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

No.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

Code points have already been allocated by IANA.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

Code points have already been allocated by IANA.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

checks are those provided by the submission web pages: nits.

2018-11-18
06 Tero Kivinen This document now replaces draft-mglt-6lo-aes-implicit-iv, draft-mglt-ipsecme-diet-esp-iv-generation, draft-mglt-ipsecme-implicit-iv instead of draft-mglt-ipsecme-implicit-iv
2018-11-18
06 Tero Kivinen Reviewed suggested replacement relationships: draft-mglt-6lo-aes-implicit-iv, draft-mglt-ipsecme-diet-esp-iv-generation
2018-11-16
06 (System) Added suggested replacement relationships: draft-mglt-6lo-aes-implicit-iv, draft-mglt-ipsecme-diet-esp-iv-generation
2018-11-16
06 (System) This document now replaces draft-mglt-ipsecme-implicit-iv instead of draft-mglt-ipsecme-implicit-iv
2018-11-16
06 Daniel Migault New version available: draft-ietf-ipsecme-implicit-iv-06.txt
2018-11-16
06 (System) New version approved
2018-11-16
06 (System) Request for posting confirmation emailed to previous authors: Tobias Guggemos , Daniel Migault , Yoav Nir
2018-11-16
06 Daniel Migault Uploaded new revision
2018-11-04
05 Tero Kivinen Added to session: IETF-103: ipsecme  Wed-1350
2018-07-18
05 David Waltermire IETF WG state changed to WG Consensus: Waiting for Write-Up from WG Document
2018-07-16
05 Tero Kivinen Added to session: IETF-102: ipsecme  Wed-1520
2018-06-27
05 Daniel Migault New version available: draft-ietf-ipsecme-implicit-iv-05.txt
2018-06-27
05 (System) New version approved
2018-06-27
05 (System) Request for posting confirmation emailed to previous authors: Tobias Guggemos , Daniel Migault , Yoav Nir
2018-06-27
05 Daniel Migault Uploaded new revision
2018-05-10
04 Daniel Migault New version available: draft-ietf-ipsecme-implicit-iv-04.txt
2018-05-10
04 (System) New version approved
2018-05-10
04 (System) Request for posting confirmation emailed to previous authors: Tobias Guggemos , Daniel Migault , Yoav Nir
2018-05-10
04 Daniel Migault Uploaded new revision
2018-05-09
03 Daniel Migault New version available: draft-ietf-ipsecme-implicit-iv-03.txt
2018-05-09
03 (System) New version approved
2018-05-09
03 (System) Request for posting confirmation emailed to previous authors: Tobias Guggemos , Daniel Migault , Yoav Nir
2018-05-09
03 Daniel Migault Uploaded new revision
2018-03-27
02 Daniel Migault New version available: draft-ietf-ipsecme-implicit-iv-02.txt
2018-03-27
02 (System) New version approved
2018-03-27
02 (System) Request for posting confirmation emailed to previous authors: Tobias Guggemos , Daniel Migault , Yoav Nir
2018-03-27
02 Daniel Migault Uploaded new revision
2018-03-23
01 Daniel Migault New version available: draft-ietf-ipsecme-implicit-iv-01.txt
2018-03-23
01 (System) New version approved
2018-03-23
01 (System) Request for posting confirmation emailed to previous authors: Tobias Guggemos , Daniel Migault , Yoav Nir
2018-03-23
01 Daniel Migault Uploaded new revision
2017-11-27
00 Tero Kivinen This document now replaces draft-mglt-ipsecme-implicit-iv instead of None
2017-11-27
00 Daniel Migault New version available: draft-ietf-ipsecme-implicit-iv-00.txt
2017-11-27
00 (System) WG -00 approved
2017-11-18
00 Daniel Migault Set submitter to "Daniel Migault ", replaces to (none) and sent approval email to group chairs: ipsecme-chairs@ietf.org
2017-11-18
00 Daniel Migault Uploaded new revision