Implicit Initialization Vector (IV) for Counter-Based Ciphers in Encapsulating Security Payload (ESP)
RFC 8750

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, ipsecme-chairs@ietf.org, draft-ietf-ipsecme-implicit-iv@ietf.org, Tero Kivinen <kivinen@iki.fi>, kivinen@iki.fi, ipsec@ietf.org, alexey.melnikov@isode.com, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'Implicit IV for Counter-based Ciphers in Encapsulating Security Payload (ESP)' to Proposed Standard (draft-ietf-ipsecme-implicit-iv-11.txt)

The IESG has approved the following document:
- 'Implicit IV for Counter-based Ciphers in Encapsulating Security
   Payload (ESP)'
  (draft-ietf-ipsecme-implicit-iv-11.txt) as Proposed Standard

This document is the product of the IP Security Maintenance and Extensions
Working Group.

The IESG contact persons are Alexey Melnikov, Benjamin Kaduk and Roman
Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-implicit-iv/


Technical Summary

This document defines a way to omit the nonce from ESP packets when using algorithms for which the
nonce is entirely predictable and calculable from the packet counter. This reduces per-packet
overhead by 8 octets.

Working Group Summary

The document has been highly reviewed and discussed and presented during
meetings and through the mailing list.

The implicit iv draft was first expressed in
[draft-mglt-ipsecme-diet-esp] { 00: March 2014, 01 Jul 2014 } and
presented during the IETF89 in London on March 2014 at the ipsecme
session [1]. The discussions lead to the following draft focusing on
implicit IV within the ipsecme WG :
[draft-mglt-ipsecme-diet-esp-iv-generation ] { 00 : Jul 2014 }. We were
suggested then to move this work in 6lo with lead to the following draft
[draft-mglt-6lo-aes-implicit-iv] { 00 : Dec 2014, 01 : Feb 2015} that
have been presented in the IETF 92 ipsecme session [2]. Implicit IV as
well as diet-esp has been presented in the IETF96 in Berlin [3] in July
2016, where 6lo chairs and ipsecme chairs agree that the right place to host
this work was ipsecme. [draft-mglt-ipsecme-implicit-iv] was then release
in June 2016 and adopted as a WG document in November 2017. This draft extended the work from AES
to ChaCha20Poly1305.   The document has been presented to the ipsecme WG during the IETF89 [1],
IETF92[2], IETF96[3], IETF97[5], IETF98[6], IETF99[7].

[draft-mglt-ipsecme-diet-esp] https://datatracker.ietf.org/doc/draft-mglt-ipsecme-diet-esp/
[draft-mglt-ipsecme-implicit-iv] https://datatracker.ietf.org/doc/draft-ietf-ipsecme-implicit-iv/
[1] https://www.ietf.org/proceedings/89/slides/slides-89-ipsecme-3.pdf
[2] https://www.ietf.org/proceedings/92/slides/slides-92-ipsecme-3.pdf
[3] https://www.ietf.org/proceedings/96/slides/slides-96-6lo-9.pdf
[4] https://www.ietf.org/proceedings/96/slides/slides-96-ipsecme-0.pdf
[5] https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-draft-ietf-ipsecme-eddsa-draft-mglt-ipsecme-implicit-iv-00.pdf
[6] https://www.ietf.org/proceedings/98/slides/slides-98-ipsecme-implicit-iv-00.pdf
[7] https://datatracker.ietf.org/meeting/99/materials/slides-99-ipsecme-implicit-iv-00

Document Quality

Apple has reported to have a kernel implementation. During the DevNet
conference in Montreal, the IPsec maintainer of Linux mentioned that he
is he waiting to have this as an RFC before implementing it. This does
not necessarily means that will be its highest priority.   There are
implementations based in C/Python scripts as well as ongoing
implementations on Riot.  

Personnel

Tero Kivinen is the document shepherd and Alexey Melnikov is the responsible AD.