**Session Date/Time:** 09 Nov 2023 12:00

# ipsecme

## Summary

The ipsecme meeting covered a range of topics, including working group status, several draft presentations, and discussions around adoption calls. Key discussion points revolved around Diffie-Hellman group inconsistencies, an alternative approach for mixing keys, ESP header and trailer optimization, anti-replay mechanisms, and BEET mode standardization.

## Key Discussion Points

* **Diffie-Hellman Group Inconsistencies:** Problems arise when the initial exchange creates both a Child SA and an IKE SA with the same Diffie-Hellman group, but the configuration for ESP differs. Potential solutions involve advertising the KE of the Child SA in the initial exchange and ensuring the IKE Diffie-Hellman group is allowed for ESP.
* **Alternative Approach for Mixing Keys (PPK):** An alternative approach for mixing symmetric keys (PPKs) into the key schedule so that the initial IKE SA is also protected. The new version allows negotiating the alternative approach independently of RFC 8784 and supports using PPKs for rekeying.
* **ESP Header and Trailer Optimization:** Problems with the current ESP header and trailer format in high-speed networks and SDN environments. Possible solutions discussed included moving the header to the trailer for better cache locality and considering an encryption offset to expose the inner transport header for SDN. Reusing or modifying Wrapped ESP (WESP) was also mentioned.
* **Anti-Replay Mechanisms:** Addressing issues with anti-replay in multi-core and multi-path scenarios. The proposed solution involves using a 64-bit anti-replay window and subspace IDs within the ESP header.
* **BEET Mode Standardization:** Discussing the standardization of BEET mode, including the need to standardize its IKE negotiation and to clarify the Mobile IP and NAT use cases. The mode itself is already defined in RFC 7402, Appendix B.
* **ESP Trailer Adjustment:** Addressing the challenges the ESP format poses when improving IPsec performance and when considering hardware implementations. Moving the ESP trailer after the ESP header could support both transport mode and tunnel mode.
* **Delete Tunnel Notification:** A proposal for notifying the peer about the reason for deleting a tunnel, using a 2-byte counter or enumeration for downtime and reasons.

## Decisions and Action Items

* **Working Group Adoption Calls:**
  * Initiate adoption calls for the documents discussed, including the PPK key exchange draft and Stefan's ESP problem statement draft, after consulting with the AD.
* **Diffie-Hellman Group Inconsistencies:**
  * Paul to create a 00 draft outlining the issues and potential solutions, including advertising the KE of the Child SA in the initial exchange and allowing IKE's Diffie-Hellman group for ESP.
* **ESP Header and Trailer Optimization:**
  * Discuss the use of Wrapped ESP (WESP) further, considering the performance implications of copying headers.
  * Continue the discussion on the mailing list.
* **Anti-Replay Mechanisms:**
  * Technical concerns to be addressed.
  * Continue the discussion on the mailing list.
* **BEET Mode Standardization:**
  * Create a separate RFC to keep HIP separate from IKE.
  * Continue the discussion on the mailing list.
* **Delete Tunnel Notification:**
  * Discussion should move to the mailing list.

## Next Steps

* Authors to incorporate feedback received during the meeting into their respective drafts.
* Chairs to initiate adoption calls and ensure documents in working group last call are reviewed.
* Continue technical discussions on the mailing list for all presented topics.
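The anti-replay discussion above describes why a single sliding window fails when packets of one SA are spread across cores or paths, and why per-subspace windows were proposed. The following illustration is added here and is not code from any ipsecme draft or implementation: it assumes a 64-entry bitmap window in the style of RFC 4303 and assumes the subspace ID simply selects an independent window; the actual header layout of the proposal is not on this page. It first replays a two-path delivery against one shared window, counting the in-sequence packets that a 64-bit window wrongly discards as "too old", and then repeats the delivery with one window per subspace.

```python
"""Per-subspace anti-replay windows (added illustration, not from any draft)."""
from dataclasses import dataclass

WINDOW_BITS = 64  # window size assumed for this illustration


@dataclass
class ReplayWindow:
    """Sliding anti-replay window modelled on the RFC 4303 bitmap scheme."""
    size: int = WINDOW_BITS
    top: int = 0      # highest sequence number accepted so far
    bitmap: int = 0   # bit i set => sequence number (top - i) already seen

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is fresh; False if replayed or too old."""
        if seq <= 0:
            return False  # sequence numbers start at 1 (RFC 4303)
        mask = (1 << self.size) - 1
        if seq > self.top:
            # Advance the window; bit 0 now marks the new top.
            shift = seq - self.top
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False  # left of the window: cannot tell replay from delay
        if self.bitmap & (1 << diff):
            return False  # already accepted: replay
        self.bitmap |= 1 << diff
        return True


def simulate_single_window(n_per_path: int = 100) -> tuple:
    """Constructed scenario: one SA counter, odd packets via path A, even via path B.

    Path B is delayed so all of its packets arrive after path A's. With one
    shared 64-bit window, most path-B packets fall left of the window and are
    dropped although they are legitimate. Returns (accepted, total)."""
    seqs = list(range(1, 2 * n_per_path + 1))
    path_a, path_b = seqs[0::2], seqs[1::2]
    window = ReplayWindow()
    accepted = sum(window.check_and_update(s) for s in path_a + path_b)
    return accepted, len(seqs)


def simulate_subspaces(n_per_path: int = 100) -> tuple:
    """Same delivery, but each path carries its own subspace ID and counter,
    and the receiver keeps one window per subspace. Returns (accepted, total)."""
    windows = {}

    def receive(subspace: int, seq: int) -> bool:
        return windows.setdefault(subspace, ReplayWindow()).check_and_update(seq)

    path_a = [(0, s) for s in range(1, n_per_path + 1)]
    path_b = [(1, s) for s in range(1, n_per_path + 1)]
    accepted = sum(receive(sub, s) for sub, s in path_a + path_b)
    return accepted, len(path_a) + len(path_b)


def replay_within_subspace_rejected() -> bool:
    """A duplicated packet is still caught inside its own subspace window."""
    window = ReplayWindow()
    for seq in (1, 2, 3):
        window.check_and_update(seq)
    return window.check_and_update(2) is False


if __name__ == "__main__":
    print("shared window:", simulate_single_window())
    print("per-subspace windows:", simulate_subspaces())
    print("replay inside a subspace rejected:", replay_within_subspace_rejected())
```

The shared-window run accepts only 133 of 200 legitimate packets; the per-subspace run accepts all 200 while still rejecting a genuine duplicate. This is the trade-off the working group's technical concerns are about: the subspace ID restores the receiver's ability to distinguish reordering from replay, at the cost of carrying that ID in the ESP header and keeping per-subspace state.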