►
From YouTube: IETF108-IPSECME-20200728-1100
Description
IPSECME meeting session at IETF108
2020/07/28 1100
https://datatracker.ietf.org/meeting/108/proceedings/
C
C
C
D
E
D
C
D
A
A
C
C
A
A
C
A
C
Right:
okay,
great
thanks!
So
let's
go
to
the
group
status
I
think,
is
the
next
slide
right.
So
we've
got
all
the
allocated
time
for
technical
difficulties,
and-
and
this
is
the
agenda,
any
comments,
anything
we
forgot
missing
stuff
yeah,
remember
that
paul
had
something
he
wanted
to
discuss
in
any
other
business,
but
well
we'll
get
to
that.
C
F
F
So
this
spin
calculation
was
defined
in
29
published
a
while
ago
and
it
modifies
iq2
behavior
in
several
ways.
It
there
are
very.
Quite
a
lot
of
places
when
like
to
be
heavier
must
be
accommodated,
must
be
handled
differently
compared
with
udp
transport
and
while
rfc
tries
to
cover
all
these
places
and
describe
prescribe
the
new
behavior.
A
E
F
Lists
all
these
clarifications
for
therapy,
but
follow
the
our
direct
advice
and
our
terrorist
advice
it.
It
was
decided
to
instead
to
prepare-
and
this
document
for
22
82-29,
so
tommy
and
myself
has
prepared
the
draft
that
can
be
used
as
initial
version
of
this
document.
Next,
please
so
here
I
will
try
to
cover
just
the
differences
that
are
not
addressed
in
the
current
version
of
in
the
current
review,
and
that
must
be
addressed
in
this
draft.
F
So
I
quit
two
requires
exchange
in
the
shelter
to
initialize,
mid
request,
periodically
and
tcp
is
a
reliable
protocol,
so
the
transmissions
are
not
needed
and,
moreover,
excessive
transmissions
may
may
make
things
worse
because
in
case
of
congestion,
any
requests
that
can
be
done
that
will
be
done
by
application
will
always
increase
this
congestion
making
sense
worse.
But
in
some
cases
for
example,
if
this
speculation
is
lost
and
then
restored,
then
the
transmission
must.
E
F
On
the
other
hand,
puzzle
can
be
used
because
it
provides
a
different
mechanism
to
to
to
defend
against
general
distributed
general
service
attack,
and
so
cookie
will
be
used
only
if
puzzle
is
used,
but
of
course,
if
cook
is
requested
by
the
charter
responders
still
need
to
handle
it
in
this
position.
So
next,
please.
F
Rfc
7296
device
is
initiated
not
to
act
immediately
if
it
receives
some
error
notification
in
the
iksa
indeed,
but
wait
for
some
time,
because
this
package
can
be
forced,
but
in
case
of
tcp
it
makes
little
sense
because
either
we
receive
the
error
and
it
is
a
genuine
error
or
it
is
forced,
but
if
it
is
forced
against
this
reconnection
is
hijacked
and
the
genuine
error
will
never
never
be
received.
So
it
must
be
also
addressed
in
the
revised
interrupt
next,
please.
A
F
F
F
F
A
special
package
informing
that
message,
id
must
be
adjusted
and
sequence
number
might
be
adjusted,
but
it
can
do
it
because
this
reconnection
is
lost
and
the
initial
responder
cannot
restore
it.
It
has
no
means
to
do
it,
so
it's
advising
that
client
should
periodically
send
learners,
check
messages,
and
it
must
do
it
more
frequently
and
despite
whether
rails
traffic
exists
or
no
despite,
if
there
is
a
a
traffic,
it
must
not
send,
but
if
there
is
no
traffic
it
must
have
periodically.
F
B
So
just
a
few
comments
I'll
have
to
take
a
closer
look
at
the
draft,
but
I
think
there
should
probably
also
be
a
section
about
the
kernel
requirements
and
things
like
what
to
do
when
you
have
like
packets
that
are
too
small
that
that
are
smaller
than
a
non-esp
marker,
because
we
we
had
a
few
bugs
when
we
were
implementing
this
in
a
linux
kernel.
I
think
those
would
be
good
to
also
incorporate
into
the
document.
F
Yes,
there
is,
there
is
a
section
that
is
concerned
with
ipsec,
so
the
the
how
tcp
encapsulation
includes
is
influenced
by
the
secretary.
It
is
currently
a
bit
short,
but
it
definitely
should
be
expanded.
In
particular,
it
says
that,
for
example,
you
cannot
have
a
multiple.
You
cannot
copy
course
class
field
from
in
a
ip
header
to
the
outer.
F
F
B
F
C
Okay,
let's
take
a
hum
about
how
many
people
have
actually
read
this,
so
go
to
the
hum
tool:
tab
virtual
hum
tool,
tab!
It's
right!
Next
to
the
chat
right
left
left
of
the
chat
and
when
I
click
the
start
button
you
will
have
a
chance
to
say
how
loudly
you
want
to
hum
so
hum.
Now,
if
you
have
read
the
draft.
C
Okay,
so
yeah
people
hunt
very,
very
softly
pianissimo
and
that's
really
not
very
relatively
new,
so
that's
probably
the
case
yeah.
So
if
I
ask
now
about
how
many
people
haven't
read
the
draft
and
I
get
that
it's
48
doesn't
really
say
anything
because
it
doesn't
show
me
how
many
people
hunt.
So
that's
pretty
useless.
C
Okay.
So,
since
we
can't
really
pull
the
rule
for
how
many
people
have
read
the
draft
and
there's
also
no
point
in
well,
perhaps
there
is
a
point
in
asking
about
you
know
adoption,
or
rather
let's
ask
the
participant
to
come
to
the
queue
and
say,
if
you
think,
there's
just
adapting.
This
is
a
good
idea.
B
C
B
C
A
F
F
It's
a
simple
sample
use
cases
how
it
is
integrated
into
ike
and
what
next
step
next
description
of
the
program.
So
the
recently
several
schemes
to
encrypt
dns
have
been
specified,
it's
dennis
or
with
tls
dot,
dns
or
detailers
dns
over
https
doc
and
another
scheme
that
is
currently
instantified
in
s
or
working.
F
F
So
vpn
service
provider
can
offer
publicly
accessible
encrypted
dns
outside
its
domain,
so
that
dns,
dns,
dns
server
is,
is
not
accessible
or
probably,
maybe
or
may
not
be
accessible.
We
are
depend
too
now,
so
in
this
situation
we
have
to
since
dns
is
encrypted.
There
is
no
it's
protected,
but
we
have
to
configure
client
to
with
configuration
and
how
to
use
it
encrypted
dns
outside
the
tone
and
the
next
use
case
next
piece.
F
It's
it's
protected
internal
dns
traffic.
So
our
recent
research
recent
trends
treat
even
internal
hosts
in
the
protected
networks
as
acceptable
to
to
to
be
attacked,
and
so,
in
this
case,
encrypted
dns
can
benefit
so
that
the
dns
traffic
is
encrypted
even
inside
the
protected
boundary,
so
so
called
zero
trust
architecture.
F
F
A
F
F
A
F
Drug
houses
into
the
drafting
trucks
with
split
dns
extension,
currently
rfc,
85,
1998
split
dns
configuration
for
iq2
requires
that
internal
ipdns
attributes
be
present.
When
you
turn
the
nest
domain
is
included,
since
this
attribute
includes
both
address
and
domain.
So
this
requirement
is
relaxed
if
these
traffic
implements
so
the
next
piece.
F
So
next
steps,
I
think,
from
conversation
with
my
co-authors,
that
this
group
is
not
considered
as
a
primary
home
group
candidate,
so
they
wanted
initially,
they
directed
the
drug
to
be
adopted
and
progressed
in
the
working
group.
But
since
this
is
concerned
with
ike,
I
think
it
is
of
interest
for
this
group.
Probably
happy
second
year
can
be
home
for
this
draft.
If
the
group
decides
it
is
interesting.
F
C
C
B
Oops,
I
had
another
mute
button.
Sorry
so
I
think
the
draft's
good,
the
on
my
only
concern
is
with
the
the
bit
that
says
something
about
what
to
do
outside
of
the
vpn
tunnel.
I
think
that's
sort
of
out
of
scope
for
for
for
ike
to
say
what
you
should
do
outside
of
the
vpn.
So
I
think
it
should.
I
agree
to
define
like
you
know,
these
are
the
dns
servers
you
can
reach
on
on
various
protocol
flavors.
B
D
Okay,
I
had
a
couple
comments,
so
the
first
one
is.
I
think
you
already
noted
that
there
is
the
add
working
group
that
is
charted
to
do
things,
at
least
in
this
space.
So
you
should
be
sure
to
have
the
respect.
Working
group
chairs
coordinate
to
make
sure
that
we
have
one
proper
home
for
the
work,
but
I'm
sure
we
can
do
that,
and
my
other
comment
was
that
in
the
the
slide
with
the
attribute
format,
you
are
showing
the
ip
address
and
the
dns
authentication
domain
name.
D
F
A
F
D
Yeah,
we'll
definitely
have
to
follow
that
work
to
stand
on
track
and,
of
course,
when
dns
over
quick
arrives,
we
don't
know
yet
what
kind
of
configuration
it
will
need,
so
just
to
make
sure
that
our
attribute
format
is
sufficiently
flexible,
that
we
can
extend
to
new
types
of
data
if
we
need
to
but
yeah.
I
think
this
is
interesting.
Work.
A
So
to
start
giving
it
so
so
you
would
be
saying
that
instead
of
having
this
kind
of
thing,
we
probably
should
have
you
know
sub
attributes
inside
that
think
that
we
could
have
a
multiple
different
type
of
things,
especially
if
we
see
that
there's
going
to
be
perhaps
need
for
other
type
of
configuration.
Attributes
for
different
types
of
you
know
things
we
are
configuring
or
the
other
option,
of
course,
is
to
make
you
know
multiple.
A
You
know,
because
we
have
this
list
of.
You
know
configuration
attributes
already,
so
we
could,
you
know
just
do
it
so
that
we
move
this
one
level
up
like
we
did
for
ipv4
and
ipv6.
We
have
a
different
payload
for
ipv4
dns
addresses
and
different
for
ipv6
dns
addresses.
We
could
have
an
one
format,
for
you
know
dot
one
format
for
the
hda,
oh
and
one
for
a
quick,
because
we
have
a
16
bit
attribute
type.
There.
F
A
B
C
C
The
big
motivation
as
far
as
I'm
concerned
is
that
the
world,
or
at
least
the
world
in
the
itf,
is
moving
to
encrypted
dns
and
we
don't
want
to
have
to
keep
the
old
unencrypted
dns
just
for
the
sake
of
the
ikv2
server.
That's
that
doesn't
know
how
to
handle
input
the
dns,
so
we
needed
if
for
no
other
reason,
we
needed
to
keep
up
with
the
times
because
dna,
because
we
don't
want
to
force
people
to
keep
the
unique
guinness.
F
It's
one
of
the
reasons
because,
as
of
course,
it's
jiro
probably
will
comment
better
on
it.
But
as
far
as
I
understand
many
browsers
with
soon
have
an
encrypted
dns
turned
on
by
default,
and
they
will
display
a
warning
if
you
use
some
encrypted
dns.
So
we
should
be
prepared
with
this
with
ip2,
so
that
users
don't
see
this
warning
when
they
use.
I
don't
know
likely
to
I
decide
to
connect
to
the
you,
can
correct.
C
I
One
of
the
co-authors
of
the
wrap,
the
dean's
authentication
domain
name,
can
be
used
by
all
the
three
flavors
of
danish
encryption,
both
amos
or
dls,
dns,
https,
and
so
quick.
These
https
or
the
next
https
three
are
required,
uri
to
be
discovered
and
that
uri
discovered
can
be
done
securely
using
well-known
domain
name.
So
that
is
the
client
first
establishes
the
tls
handshake
and
then
uses
the
uri
to
retrieve
the
well
known
url
to
retrieve
all
the
reverse
services.
The
services
could
be
like.
I
can
do
malware
frames.
I
A
A
I
G
Okay,
so
maybe
this
was.
This
was
the
context
of
the
previous
question
and
I
just
didn't
quite
get
it
force.
My
understanding
was
that
for
some
dns
services
like
dns
over
tlrx,
we
need
or
hoping
to
do,
certificate
validation
is
that
is
that
the
same
context
as
a
previous
question,
or,
if
not,
is
that
something
that
we
maybe
can
just
send
a
string
and
then
do
the
dns
we
would
have
to
do
it.
We
would
have
a
bootstrapping
problem,
but
we
would
be
able.
I
To
evaluate
yeah,
the
the
ad
working
group
is
currently
only
discussing
certificates
which
are
became
based.
We
are
not
discussing
any
certificates
which
are
using
private
ca
or
or
raw
public
keys.
So
that's
reason
in
this
graph:
we
are
only
covering
authentication
domain
name,
because
the
certificate
would
have
that
and
a
client
would
still
use
pk
to
validate
the
certificate.
G
F
F
I
Yeah,
I
think
I
think
we
need
a
couple
of
more
revisions
for
this
drought
before
I
think
it's
ready,
but
we
would
definitely
like
to
present
this
drought
in
ad
working
group
as
well,
and
we
would
like
the
chairs
of
both
this
working
group
and
recorded
and
because
this
is
an
extension
to
like
it.
It
definitely
falls
into
this,
but
chatter
as
well,
but
you
will
also
be
aware
of
the
work
that's
happening
here,
so
I
guess
some
discussions
have
to
happen
in
both.
D
Make
sense
yeah
just
this
has
been
chaotix
to
note
as
the
area
director.
If
this
working
group
might
beseck
me
decided
to
say
that
this
work
is
terrible
and
you
shouldn't
do
it.
That
would
be
very
useful
information
for
add
to
have.
I
don't
see
that
happening,
of
course,
but
to
be
able
to
say
that
we
saw
the
work
and
it
seems
to
make
sense,
is
useful
information
to
have.
I
I
had
one
comment
to
add
is
currently:
if
you
see
most
of
the
drafts
that
are
discussed
in
ad
are
basically
using
insecure
mechanisms
to
discover
the
duty
level
servers
either
it
could
be
dhcp
routing
advertisement
or
it
could
be.
I
have
a
domain,
especially
it
has
a
domain
name
which
the
client
queries
in
venus
or
533
to
retrieve
whether
the
network
supports
dvd
audio.
F
F
F
So
of
course,
if
initiating,
if
initiators,
knew
respondus
capabilities,
they
would
have
chosen
excess
pixels
one
and
they
say
succeeded
so
the
next
piece
and
social.
The
problem
that
there
is
no
currently
there
is
no
way
for
peace
for
peers
to
explicitly
indicate
the
supported,
authentication
method.
F
It's
the
euristic
mechanisms
that
can
be
done
using
cert
request,
reload,
for
example,
or
id
content,
but
all
of
them
are
unreliable
and
I
think
that
with
new
signature
formats
and
authentication
method,
especially
post
quantum
and
hybrid
ones,
that
are
already
discussed
in
the
last
working
group
in
the
kids
working
group,
there
are
some
drugs.
The
station
of
this
election
might
happen
more
often
as
the
next
piece
and.
F
F
F
So
this
is
an
illustration
of
how
the
linking
to
the
to
the
search
request
below
it
is
done.
So
each
authentication
method
contains
a
field,
a
subfield
called
link,
and
it
contains
ic,
zero
or
non-zero
value.
If
it
is
not
zero,
it
is
it
points.
This
value
is
treated
as
a
number.
The
the
the
sequence
number
of
c
is
in
the
start,
request
below.
F
If
it
is
zero,
it
means
that
this
particular
citation
method
can
use
with
any
series,
or
it
isn't
concerned
with
this,
so
the
next,
please
so
how
it
is
exchanged.
Since
there
are
two
options
option
one
is
very
simple:
it
is
exchange
along
with
set
requests
below
it,
so,
each
time
the
psn
centric
has
below
it.
It
also
includes
the
put
it
out
method.
F
Next,
please,
the
problem
with
the
first
option
is
that
supported
house
messaging
education
can
be
quite
long
because
you
can
support
quite
a
lot
of
methods
in
since
the
aggregation
identifiers.
I
send
you,
I
send
a
centered.
One
conversion
identifies
it
included,
they
get
the
quantum
several
hundred
points.
So
in
this
case
we
can
use
ice
intermediate
exchange
that
is
used
for
other
purposes
currently
for
multiple
key
exchanges
and,
for
example,
we
can
use
it
for
other
purpose.
So
if
respondent.
A
F
That
the
size
of
the
its
response
will
be
too
too
large
and
caused
ip
fragmentation
in
consent,
supported
in
empty
supported,
house
method,
method,
certification,
and
that
is
a
hint
for
initiators
that
it
must
initiate,
like
intermediate
exchange
or
piggyback
if
academic
exchange
is
initiated
for
some
other
purpose.
And
so
is
this
like
an
immediate
exchange,
the
respondent
will
include
incentification
so
for
the
shutters
there's,
no
problem
because
it
gets
close.
F
A
B
Hi
paul
vader
speaking,
I
think
this
this
chart
is
a
good
idea,
I'm
not
sure
yet
about
whether
all
the
complexity
is
needed.
But
I
did
want
to
point
out
that
for
liberson
we
went
into
we
had
a
similar
issue.
We
wanted
to
support
null
encryption
on
both
sides
and
then
slowly
have
people
be
able
to
migrate
to
certificates,
and
we
couldn't
really
signal
that
so.
B
A
Oh,
it's
still
going
in
that's
a
not
cheer,
but
I
think
one
of
the
things
we
would
probably
do
also.
We
could
actually
split
this
in
two
pieces,
meaning
one
to
negotiate
actual
authentication
algorithm.
The
other
one
is
the
problem
that
which
you
know,
methods
are
suitable
for
each
ca
and
and
having
the
linking
back
and
forth
with
the
certificate.
Payload
said
with
requests
and
so
on.
A
A
So
we'd
have
a
list
of
you
know,
supported
authentication
maker,
which
says
on
the
psk
signatures
and
and
rc,
and
so
on.
Whatever
formats
you
have,
but
the
list
of
you
know
suitable
agreement,
ids
would
be
inside
the
threats
with
requests,
meaning
that
we
actually
allocate
one
new,
circuitry
curse
type.
That
has
you
know
in
addition
to
having
to
hash
of
the
ca,
we
also
would
have-
and
you
know
a
list
of
oils
that
it's
you
know
by
this.
It
supports
or
something
like
that.
C
J
Hi
everybody,
so
let's
take
the
next
slide
already.
So
what
we
did
was
we
looked
at
esp
and
data
centers
and
we
come
into
a
couple
of
problems
and
we
had
two
major
issues
and
one
was
that
the
sequence
numbers
are
not
handled
in
esp
as
we
want
them
to
be
handled,
so
maybe
a
pretty
subjective
view.
But
that
gives
us
problems
with
parallelism
and
it
gives
us
problems
with
multicast
replay
protection,
which
we
see
in
data
centers
right
now,
and
it
also
gives
us
issues
with
qs.
J
There
are
a
couple
of
ways
around
that
right
now
being
discussed,
but
it
all
boils
down
to
the
problem
that
sequence
numbers
are
bound
to
an
spi
basically,
and
the
other
thing
that
we
had
was
a
well-known
problem
to
this
group
is
that
esp
trailers
forces
us
to
do
complex
protocol
handling.
So
if
we
have
fragments,
if
we
have
segments
and
maybe
alignment
issues,
then
this
trailer
comes
into
our
way
and
what
we
did
was
we.
J
We
exchanged
things
in
messed
with
esp
a
little,
and
what
I
want
to
do
now
is
to
give
you
a
short
explanation
of
what
we
did
with
it,
even
though
we
don't
know
yet
what
we
can
do
with
that.
So
what
we
currently
have,
we
have
an
implementation
of
it,
but
we
don't
know
if
that's
worth
a
new
protocol,
a
new
version,
a
different
mode,
different
yeah,
just
encapsulation
method,
next
piece.
J
We
basically
send
all
with
the
whole
64
bit
of
sequence,
number
information
which
we
have
for
esn
anyways,
but
if
we
explicitly
send
them
with
every
packet,
we
don't
have
synchronization
problems,
especially
if
you
have.
If
we
were
talking
about
one
having
one
key
and
a
whole
data
center
and
large
multi-pass
groups,
then
we
had
this
synchronization
problem.
J
Furthermore,
we
shifted
the
icv
value
from
the
from
the
trailer
to
the
beginning
and
in
the
header,
which
allows
us
to
make
assumptions
for
an
example
that
the
sec
there
is
it's
always
present
in
the
first
segment
or
it's
always
present
in
the
first
fragment
and
the
it's
all
followed
by
the
encrypted
packet.
What
we
got
rid
of
is
the
whole
trailer.
J
J
As
I
said,
and
it
allows
us
to
scale
over
more
cpu
cores
without
having
additional
things
done
in
the
group
product
or
in
the
key
management
protocol.
And
it
allows
us
to
do
multicast
replay
protection,
as
each
sender
can
just
use
its
own
sequence
number
window,
and
it
allows
us
also
to
do
replay
windows,
qs
class.
In
this
case
the
sender
just
uses
different
window
ids
for
different
qs
classes,
and
they
can
just
overtake
what
I
have
not
discussed
in
detail
here.
J
Everything
anything
anything
changed
in
any
field
in
the
in
the
header
leads
to
a
decryption
or
failed
decryption.
Thus,
an
attacker
cannot
do
that
and
without
aad
we
can
faster
encrypt
things,
because
we
don't
need
an
additional
round,
for
example
in
gcm
and
well
we
had.
We
have
also
implicit
padding
so
now.
I
know
this
is
kind
of
a
large
change.
So
that's
why
I
wanted
to
discuss
it
before.
Just
writing.
Some
drafts
or
yeah
have
feedback
here
from
the
group.
J
So
this
is
just
a
measurement
we
have.
We
did
on
a
broadwell
cpu
and
it
shows
you
different
performance
figures
for
esp
vanilla,
esp
security
association
and
that's
our
approach,
which
we
call
vpe,
and
what
you
can
see
is
that
you
can
run
it
at
about
30
gigabit
per
second
lines:
70
gigabit
per
second
on
the
red
side,
so
on
the
unencrypted
site
and
have
pretty
much
high
performance
from
the
approach.
J
So
thanks
for
listening!
What
I'm
interested
in
is
feedback
from
you,
so
we
can
decide
on
how
to
incorporate
things
into
a
draft
or
if
we
can
should
just
yeah,
have
it
somewhere
yeah.
I
have
just
an
information
graph
for
an
example
or
just
that
things
are
not
a
good
idea.
Maybe
also
would
be
outcome.
A
C
B
C
C
C
H
Yeah
hi,
is
it
oh
good?
It
looks
like
my
audio
is
coming
through
hi,
I'm
christian
hopps
with
lavin
consulting,
and
this
is
an
update
right.
It
showed
on
the
status
slides.
This
was
an
individual
draft,
but
we
adopted
this
a
while
back.
So
it's
a
working
group
document
now
these
so
next
slide
please.
H
So
this
is
an
update
since
106.
we
didn't
meet
in
107.,
so
this
was
published
prior
to
107
back
in
march.
The
notable
changes
these
were.
Changes
were
asked
for
at
106
and
on
the
list
the
two
big
ones
were,
or
the
biggest
one
was
the
v2
I
I
had
had
used
transforms
and
paul,
and
some
others
said
this
is
a
silly
way
to
do
this
and
yeah.
They
were
right.
H
H
If
the
required
flags
are
not
understood
or
or
they
are
or
supported,
the
tfs
mode
would
not
be
enabled
by
the
responder
or
the.
If
it's
the
initiator,
that's
getting
back
a
required
flags
field
that
it
doesn't
support.
It
would
then
delete
the
essay
so
which
is
following
the
basic
method
next
slide.
H
So
the
two
required
notification
flags
are
congestion
control,
whether
you
know
the
basically,
if
it's
set,
the
sender
is
asking
the
receiver
to
send
it
back
congestion,
control,
information,
periodically,
it
must
be
sent
and
if
the
so,
if
the
receiver
doesn't
support
sending
that
information,
it
would
then
not
not
set
up
tfs
the
don't
fragment
bit.
This
was
required
a
while
ago,
but
we're
just
continuing
to
bring
that
forward,
which
is,
if
the
sender,
the
sender,
the
notify
message
does
not
support
receiving
fragments.
H
So
next
slide
we
changed
the
because
we're
looking
at
doing
a
protocol
number.
We
wanted
to
make
it
as
generic
as
possible
so
that
we
could
really
not.
You
know,
have
any
sort
of
trouble
with
this.
So
we
used
basically
a
first
octet
subtype,
which
then
allows
basically
for
for
the
ipfs
protocol
number.
You
know
we
will
have
255
256
uses
of
different
header
formats
if
we
needed
them,
even
if
they
were
not
tfs.
H
H
Congestion
control,
payload
format
goes
to
subtype
one
and
that
did
have
a
flag,
which
is
that
whether
ec
bits
were
used
in
calculating
the
data
that
it's
returning
and
that
that's
the
p
flag,
the
rest
of
the
flag
bits
are
reserved
and
the
rest
of
the
header
stays.
The
same
looks
like
disliked,
so
we
had
a
couple
open
issues
and
the
comments
from
last
meeting
and
one
was
the
ip
protocol
number.
We
discussed
this
in
the
list
a
couple
times.
H
I
I
think
we've
done
done
discussing
it,
so
we're
just
waiting
for
the
chairs
to
forward
the
request.
We've
got
a
summary
there.
You
know.
Basically,
we
looked
at
using
what,
but
it
didn't
really
gain
us
anything.
We
still
needed
the
next
header
number,
so
we
just
were
burning
some
extra
bits
and
bandwidths.
H
So
the
what
we
agreed
on
was
to
you
know,
let's
start
an
early
allocation
process.
This
will
let
us
get
through
the
any
kind
of
issues
that
might
come
up
and
you
know
we
can
deal
with
them
so
that
it's
not
happening
at
the
very
end
of
the
process
and
even
if
we
did
run
into
some
problems,
which
we
really
don't
anticipate
that
you
know
once
we
justify
the
use.
H
But
if
we
did,
we
can
always
fall
back
to
overloading
an
ip
protocol
number,
but
this
really
isn't
where
we
want
to
start
right,
because
I
mean
there's
already
people
that
are
thinking
that
they
might
be
able
to
use
this
framing
outside
of
esp
and
the
minute
you
leave
esp.
Then
you
can't,
you
know
you
can't
just
use
an
overloaded
ip
protocol
number
anymore.
H
So
anyway,
there's
a
lot
of
ip
protocol
numbers.
It
is
a.
It
is
a
you
know,
an
8-bit
field,
but
it's
more
than
half
are
left
and
a
bunch
can
be
deprecated
so
and
yeah.
Well,
let
me
come
back
to
that,
so
the
tr,
the
other,
the
other
major
thing,
was
transport
mode,
and
we
discussed
this
on
the
list
and
decided
that
this
could
be
done
in
a
separate
document.
There
are
there
are
some
real?
H
You
know
it
depends
on
how
far
we
want
to
go
with
supporting
transport
mode
if
it's
just
to
support
gre
the
cu.
You
know
the
cisco
sort
of
gre
with
transport
mode
tunnel.
It's
fairly
easy
to
do
this,
but
if
you
want
to
get
any
more
generic,
you
have
to
start
talking
about
what
ip
fields
to
carry
because
you're
you
know
you're
carrying
multiple
iv
packets
in
each
in
each
outer
ip,
certainly
because
you'll
be
creating
like
pad
packets
right.
So
what
what
ip
fields
do
they
carry?
H
Do
they
carry
the
last
ones
anyway?
All
of
that
sort
of
stuff
can
be
discussed
in
a
separate
document,
and
you
know
that
we
can
move
the
simpler
method,
the
tunnel
mode
forward,
so
that
seemed
to
go
fine.
Everyone
just
wanted
to
make
sure
that
we,
you
know
that
it
doesn't
conflict
with
the
tunnel
mode
and
basically
you
know,
since
we
have
the
subtypes,
we
also
have
flags
and
even
the
mode
itself
of
going
transport
mode
can
differentiate
any
header
changes
we
might
need
in
the
future.
H
So
anyway,
coming
back
thro,
throwing
it
back
to
ip
number.
We
do
have
the
a.d
in
the
room
and
the
chairs
are
here,
so
I'm
wondering
if
we
can,
could
we
make
it?
Can
we
make
that
official,
maybe
I'll,
leave
that
question
to
the
very
end
of
the
presentation,
though,
let's
go
to
the
next
slide,
the
other.
The
other
issues
that
we
were
looking
at
was
possibly
doing
an
alignment.
H
So
I
went
and
looked
at
this
while
I
was
I've
been
doing
working
on
this
a
reference
implementation
of
this
and
what
the
cons
are,
basically
that
it
complicates
the
end
cap
dcap
to
do
you
know,
alignment
between
the
data
blocks
or
you
know
the
inner
packets
in
the
payload.
It
also
wastes
bandwidth
the
pro
the
reason
to
do
it
was
basically
to
make
it.
You
know
less
rigorous
white
box
code
to
work
like
asics.
H
H
You
know
that
had
to
be
handled
in
the
kernel,
but
in
any
case,
what
you
end
up
finding
is
that
even
when
you're
doing
chained
buffers,
even
when
you're
doing
chain
buffers,
you
end
up
having
to
parse
the
packet
to
find
you
know,
you
have
to
parse
the
packet
to
find
the
header
and
you're
you're,
always
doing
a
copy
out
of
the
packet
header
just
because
you've
already
cash
loaded
it
right.
So
when
I
went
to
find
the
header
I've
already
loaded,
the
first
64
bytes
of
the
packet
into
the
cache
anyway.
H
H
So
basically
the
the
just
seems
like
we
don't
need
this
and
it
keeps
things
simple.
The
other
thing
is
that
we
we
are
we're
still
planning
to.
We've
got
a
vpp
implementation
that
we'll
be
publishing
this
year,
open
source
with
congestion
control
and
the
ikev2
changes,
and
we're
also
very
interested
in
working
with
other
people
and
collaborating
on
other
implementations.
Are
interoperability
testing
next
slide.
H
A
This
is,
I
have
been
you
know.
I
haven't
actually
been
following
this
discussion
that
much
except
for
the
protocol
number,
and
I
was
there
when
the
vesp
protocol
number
was
allocated,
and
I
think
you
have
a
very
or
or
it
might
be,
that
the
change
protocols
have
changed
slightly
heavily,
but
at
that
point
it
was
really
really
hard
to
get
the
protocol
number
of
yp.
A
We
have
to
fight
it,
because
why
do
you
need
two?
Are
you
already
have
two?
Why
do
you
need
third
one,
and
that
was
one
of
the
problems
we
had
at
that
point?
It
might
have
changed
the
the
question
I
have
there
is
that
the
how
many
people
have
accidentally
read
these
documents?
So
if
people
could
actually,
you
know
just
type
into
their
job
or
you
know,
you
know
if
you
have
read
it
so
so
we
can
actually
see
if
there
is.
A
H
A
K
K
A
H
C
H
H
So
basically,
we
have
two
things:
configuration
and
operational
data.
The
configuration
is
whether
to
turn
on
or
not,
congestion,
control,
the
fixed
packet
size
or
you
know
so,
there's
two
ways
to
specify
that
either
just
a
fixed
size
or
to
use
path,
mtu
or
the
combination
where
you
could
say
like,
for
example,
we
want
1500
octet
but
use
path
mtu
to
lo,
so
we
could
lower
it.
H
The
other
configuration
item
is
the
bit
rate
to
send
at
so
you
know,
there's
two
ways
we
found
it
was
actually
useful,
more
useful
to
specify
the
l2
bit
rate,
because
you
know,
if
you
know
I
want
to
use.
You
know,
100
of
this
ethernet
or
10
of
this
ethernet
link
bandwidth.
People
just
tend
to
think
more
of
that
right.
I've
got
a
10,
gig
or
100
gig
link,
and
then
you
know
so.
Obviously
the
little
gray
box
is
saying
you
know
the
packet
transmission
frequencies
of
that
rate
divided
by
package
size.
H
The
last
configuration
is
to
whether
to
allow
fragmentation
or
not
of
the
inner
data
box
next
slide.
So
this
is
what
that
looks
like
we
we're
I'll
get
to
the
model
that
we're
augmenting,
but
basically
this
model
has
an
ike
and
a
iklis
entry.
So
for
ike
mode
we
augment
the
connection
entry
under
the
sa
configuration,
and
this
is
just
the
yang
tree
right.
H
So
you
can
see
the
congestion
control
boolean,
the
packet
size,
the
choice
of
a
tunnel
rate
either
l2
or
l3,
and
they
don't
fragment
and
then
likewise
we
the
the
way
yang
works.
Is
you
have
you
know
the
requested
config?
So
that's
what
the
upper
one
is,
the
lower
one
is
what
it's
selected-
and
this
is.
H
This
is
just
the
same
exact
config,
but
it's
in
this
case
it's
in
the
iklis
module,
and
so
it's
under
the
spd
entry
that,
by
the
way
that
this
is
actually
a
grouping
because
the
connection
entry
used
spd
entry.
So
it
is
the
the
same,
we're
augmenting
the
same
grouping
basically
and
ike
and
iquis
in
in
this
case.
We
augment
these
security
association
database
entry,
the
sa
basically
for
the
operational
config,
so
that
that's
what
I
noted
there
it's
different
from
ike,
because
it's
now
under
the
sad
entry
next
slide.
H
So
the
operational
statistics-
these
are
pretty
straightforward:
we've
got
the
outer
ipsec
counters,
which
is
basically
txrx,
drops
and
error
counts,
and
then
we've
got
more
detail
with
the
inner
packets.
We
track
the
number
of
inner
packets
and
octets
the
amount
of
padding
that
was
added.
So
we
we
break
the
padding
up
into
two
different
counters.
H
One
is
the
padding
that
we
added
to
so,
in
other
words,
a
iptfs
packet
that
included
user
traffic,
but
also
padding
that's
extra
pad,
but
then
there's
also
times
where
you're
just
sending
an
an
entire
ptfs
payload
of
a
pad.
So
that's
what's
counted
by
the
all
pad
and
the
same
same
counters
for
receive
the
error
would
be
like
a
framing
format
and
the
mist
is
where
you're,
not
you
know,
you've
seen
a
sequence
number
miss
incomplete
is
similar.
It's
where
you
might
have
missed.
H
H
Oh,
we
did
sorry
so
now
here's
the
issue.
So
the
the
thing
is:
there's
only
one
active,
ipsec
yang
model
out
there
and
it's
being
defined
by
i2
nsf
and,
as
you
can
see
the
name
sdn,
it's
the
only
active,
published
ipsec
game
model,
so
we
used
it.
It
is
very
far
along
in
the
process,
it's
in
the
iesg
publication,
so
there
it's
still
it's
still
in
that
in
that
process.
H
H
H
It
doesn't
include
a
security
association
database
and
I
asked
the
authors
and
the
reason
they
said
was
they
don't
care
because
they,
the
the
sdn
mod
model,
is
set
up
to
be
controlled
by
a
centralized
controller
and
all
they
care
is
that
they
they
told
like
what
to
do
and
that
bike
did
it
and
it
has
a
child
essay
info
leaf.
That
holds
the
connection.
H
Connections,
essay
related
information,
but
you
know
as
you
as
it
everybody
in
the
room
probably
knows
you
know,
you've
got
a
connection
and
it's
gonna
cycle
through
child
assays
and
stuff
like
that
right,
but
also
it's
also
missing
the
essay
information
right
it
has.
My
slide
is
a
little
bit
wrong
it
it.
It
also
includes
not
just
lifetime
values,
but
it
includes
the
like
esp
encapsulation
type
right,
like
whether
there's
a
nat
or
udp,
and
a
few
other
things
like
that.
What
it
doesn't
include
is
the
selected
transforms
right.
H
So
you
know
you
might
be
specifying
a
bunch
of
different
possible
esp
algorithms
encryption,
algorithms,
but
it
doesn't.
It
doesn't
tell
you
which
one
it's
selected,
also
both
of
the
models:
don't
have
any
counters.
You
know
on
either
it
you
could
so
yeah.
I
think
the
iclist
might
have
some
counters
read-only
state
counters
for
the
lifetime
value,
but
the
that
information
is
just
that's
not
provided
in
the
in
the
child
essay
info.
It
you,
you
can
specify
the
configuration,
but
it
doesn't
keep
it
running
account.
H
Let's
go
to
the
next
slide,
so
we
can
easily
modify
this
model,
but
in
two
ways
we
could
move
the
sad
into
the
common
out
of
the
iklis,
because,
basically
just
recognizing
the
fact
that
you
know
ipsec's
implementations
have
a
sad
in
a
spd,
at
least
logically,
whether
they're
running
ike
or
not,
and
if
we
did
that,
then
under
child,
let's
say
info,
you
could
actually
then
track
the
sa
that
the
I
kid
created
right.
So
you
would
just
have
a
reference
to
the
s
say
the
sab
likewise.
H
Otherwise,
you
know
late
in
the
game:
it's
pretty
easy
to
change
like
the
module
name.
So
if
you
noticed
earlier
the
module
names
for
these
sdn
models,
don't
include
the
letters
sdn
or
i2
nsf,
right,
they
just
say
ipsec,
common
and
ipsec
like
so.
If
they're
not
going
to
make
a
few
adjustments
to
be
usable
as
a
base
model,
I
think
that
we
should
ask
them
to
add
sdn
to
their
module
name
so
that
they
don't
look
like
they're
representing
like
in
general,
so
the
next
slide.
H
I
don't
want
to
get
too
much
into
how
the
sdn
model
works,
but
those
notifications
are
critical
to
running
iclicks
right.
It
allows
the
acquire
to
be
sent
from
the
receiving
ipsec
router
to
the
sdn
controller,
so
those
stay
the
same,
but
just
move
just
move
the
state
into
the
common
model.
So
it's
shared
by
the
icann
dyclis
next
slide.
I
think
there's
one
other
change.
So
what
this
means
is
that
in
the
like,
in
the
existing
ike
mod
model,
you
just
change
the
hard.
H
H
So
if
the,
if
we're
able
to
make
those
changes,
then
iptfs
just
augments
the
common
spd
entry,
and
previously
we
had
to
do
this
in
two
places
we,
the
operational
config
augments,
the
one
sa
sa
entry
instead
of
two
places
and
the
operational
statistics
modify
the
sad
entry.
This
was
not
available
under
ike,
but
now
would
be
so.
It
would
cover
both
cases
and
we
would
continue
to
augment
the
child
essay
info,
because
this
would
carry
aggregate
statistics
right.
H
So
you
know
the
your
per
essay
statistics
are
are
gonna
need
to
be
summed
up
over
time
for
the
connection
next
slide?
Please
so
that's
it.
So
the
the
question
that
we
have
for
the
group
is:
what
should
we
do,
and
I
I
will
note,
is
the
shepherd
for
the
sdn
documents
so
curious
about
your
opinion.
In
particular,
I
mean:
do
we
think
it's
too
late,
it's
a
very
small
change
and
it
and
then
they
would
they
were
actually
it's.
C
H
Maybe
you
know
I
I
mean
it,
but
the
the
one
thing
that
that's
different,
I
guess
here
is
that
is
that
this
is
the
working
group
that
actually
understands
the
change
right.
The
conceptual
change
that
moving
the
sad
from
an
iklis
into
the
common,
really
isn't
a
big
change
right,
you're,
just
you're
moving
what
module
it's
under
and
the
only
thing
we're
really
logically
saying
is
that
all
ipsec
has
a
sad
versus
just
iklas
right
right,
but
for
the.
A
H
Correct
so
I
I'm
on
a
yang
doctor
too,
so
the
the
problem
is
that
that's
not
actually
what
yang
is
gonna
do
and
that's
not
what
they're
specifying
right,
because
we
have
something
called
ndma
models
anyway.
The
point
is
when
you
configure
something
it's
also
operational
state.
So
you
know
just
saying
that
yeah,
you
know
they're
saying
that
like
yeah,
we
just
want
to
configure
ike
right,
but
you
know
not
not
having
it.
H
Just
because
you
didn't
model,
it
doesn't
mean
the
information
isn't
there
and
the
other
thing
is
that
you
they
they
could
easily
say.
Okay,
you
cannot
configure
an
s,
a
static
sa
if
you're
running
an
ike
mode,
but
these
are
like
yang
isms
and
you
know
I'm
not.
I
I'm
not
sure
if
we
can
make
the
change,
but
I
also
think
that
maybe
we
can
you
know
I
don't
know
if
we
can
get
some
yang
experts
to
say
hey,
you
can
make
this
change.
H
You
don't
really
need
to
send
this
back
through
an
entire
working
group
process.
Again
right
I
mean
that
that's
kind
of
what
I
was
hoping
I
I
wouldn't
want
them
to
have
to
kick
this
back
and
run
the
process
all
over
again.
I
I,
I
think
that
you
know
the
the
reason
to
make.
The
change
is
that,
as
you
might
have
seen,
with
yang
versioning,
it's
it's
it's
that
it's
not
backwards
compatible.
So
if
we
ever
want
to
reuse
this,
we
can't
right.
We
have
to
issue
a
totally
new
model.
H
A
A
H
H
We
are
completely
willing
to
help
on
that
work.
We
would
really
want
to
be
using
the
work
they
did,
though,
right
and
not
starting
afresh,
so
that
I
mean
that's
just
that's.
Why
we're
bringing
this
up
is.
It
just
seems
like
such
a
waste.
You
know
to
to
waste
all
the
effort
to
you
know,
re-run
the
entire
process
for
something
they've
already
done,
but
maybe
that's
what
we
have
to
do
and
we
just
copy
their
exact
modules.
H
The
problem
is,
when
you
think
about
this
from
an
operator
standpoint
having
two
different
mod
modules
that
are
almost
identical,
but
aren't
right,
it's
just
it's
just
for
operators.
This
is
not
friendly,
for
you
know,
ietf
process,
maybe
it's
friendly
and
maybe
for
vendors,
that's
friendly,
who
only
want
to
do
like
an
iot
device
or
something,
but
you
know
for
for
operators
that
are
actually
running
this
stuff.
It's
not
from
to
have
multiple
modules
that
are
almost
identical.
D
D
D
H
K
I
I
wasn't
going
to
get
there,
but
it
is
the
the
data
tracker's
page
says
that
it
was
had
a
yang
doctor
early
review,
not
a
final
review
and
it's
not
an
early
version
and
that
that
one
of
the
comments
in
there
from
martin
did
the
review.
I
think
it's
comment
because
we
didn't
follow
the
guidelines
for
yang
models.
One
of
the
things
that
will
happen
is
it
does.
That
is
it'll,
make
sure
to
address
all
the
nmda
issues.
K
F
Well,
I'd
like
to
draw
an
attention
to
git
to
drop
and
the
written
job
had
received
quite
a
lot
of
changes
and
it
could
well
creation
with
well.
We
decided
with
discussion
with
brian
that
time
we
decided
to
make
it
more
along
the
like
view
and
not
another
protocol.
So
now
it
is
more
an
extension,
a
large
extension
from
the
ancients.
F
E
F
B
Hi,
so
just
quick
one
comment
on
labeled
ipsec:
we
are
still
working
on
implementing
it,
so
definitely
there's
still
interest,
we
just
didn't
get
to
it,
and
then
there
there's
also
the
graveyard
draft,
which
we
haven't
really
talked
about.
Much
hasn't
seen
that
many
changes
the
changes
that
people
requested
were
put
in.
So
this
is
a
question
to
the
chairs
about
what
to
do
with
it.
Are
we
going
for
adoption?
Are
we
going
to
drop
it.
A
A
It
would
be
good
idea
to
probably
continue
working
on
that,
because
I
think
it
would
be
useful
to
have
a
document
to
say
something
about
that,
but
there's
also
a
couple
of
other,
and
we
have.
We
know
that
there's
a
couple
of
drafts
that
are
ready
for
the
lasting
last
call
right.
A
very
good
last
call
that
we
should
be
starting
to
get
out,
and
so
I
think
we
need
to
take
this
all
over
to
the
list.
A
So
if
people
would
set
the
lim
reminders
to
the
list
and
saying
that
okay,
these
documents
are
ready
and
should
be
going
to
the
working
club
last
call,
so
we
can
start
it
and
for
the
graveyard
document.
I
think
you
should
talk
with
ad
first
and
you
know
discuss
whether
he
wants
to,
but
whether
he
digs
it
it's
actually
better
to
have
it.
That's
a
as
you
know,
80
sponsored
or
on
working
group
document,
because
I
think
the
problem
with
working
group
document
is
always
a
little
bit.
A
A
So
so
I
think
it
would
be
also
very
good
to
have
you
know,
interrupt
or
inter
meeting
about
the
esp
stuff,
because
I
think
there
is
going
to
be
lots
of
discussion
about
that.
But
it's
it
was.
I
realized
that
it's
going
to
be
taking
about
an
hour
or
so
to
discuss
that.
So
that's
why
I
think
it
we
got
it
short
here
and
I
think
it
would
be
better
to
have
a
inter
meeting
somewhere
to
discuss
only
that
or
something
like
that
today
was
just
the
pitch
medium.