12231223< thead > < tr >
12241224< td class ="left "> Internet-Draft</ td >
12251225< td class ="center "> EESP</ td >
1226- < td class ="right "> June 2025</ td >
1226+ < td class ="right "> July 2025</ td >
12271227</ tr > </ thead >
12281228< tfoot > < tr >
12291229< td class ="left "> Klassert, et al.</ td >
1230- < td class ="center "> Expires 29 December 2025 </ td >
1230+ < td class ="center "> Expires 4 January 2026 </ td >
12311231< td class ="right "> [Page]</ td >
12321232</ tr > </ tfoot >
12331233</ table >
12381238< dd class ="workgroup "> IPSECME Working Group</ dd >
12391239< dt class ="label-published "> Published:</ dt >
12401240< dd class ="published ">
1241- < time datetime ="2025-06-27 " class ="published "> 27 June 2025</ time >
1241+ < time datetime ="2025-07-03 " class ="published "> 3 July 2025</ time >
12421242 </ dd >
12431243< dt class ="label-intended-status "> Intended Status:</ dt >
12441244< dd class ="intended-status "> Standards Track</ dd >
12451245< dt class ="label-expires "> Expires:</ dt >
1246- < dd class ="expires "> < time datetime ="2025-12-29 " > 29 December 2025 </ time > </ dd >
1246+ < dd class ="expires "> < time datetime ="2026-01-04 " > 4 January 2026 </ time > </ dd >
12471247< dt class ="label-authors "> Authors:</ dt >
12481248< dd class ="authors ">
12491249< div class ="author ">
@@ -1295,7 +1295,7 @@ <h2 id="name-status-of-this-memo">
12951295 time. It is inappropriate to use Internet-Drafts as reference
12961296 material or to cite them other than as "work in progress."< a href ="#section-boilerplate.1-3 " class ="pilcrow "> ¶</ a > </ p >
12971297< p id ="section-boilerplate.1-4 ">
1298- This Internet-Draft will expire on 29 December 2025 .< a href ="#section-boilerplate.1-4 " class ="pilcrow "> ¶</ a > </ p >
1298+ This Internet-Draft will expire on 4 January 2026 .< a href ="#section-boilerplate.1-4 " class ="pilcrow "> ¶</ a > </ p >
12991299</ section >
13001300</ div >
13011301< div id ="copyright ">
@@ -1772,7 +1772,6 @@ <h4 id="name-fixed-base-header">
17721772 < p id ="section-2.2.1-3.12.1 "> 32 bits: The SPI is an arbitrary
1773177332-bit value that is used by a receiver to identify the SA to which
17741774an incoming packet is bound.< a href ="#section-2.2.1-3.12.1 " class ="pilcrow "> ¶</ a > </ p >
1775- < p id ="section-2.2.1-3.12.2 "> #This combined with the 16-bit Session ID is the Enhanced SPI.< a href ="#section-2.2.1-3.12.2 " class ="pilcrow "> ¶</ a > </ p >
17761775</ dd >
17771776 < dd class ="break "> </ dd >
17781777</ dl >
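Review bot: Deleting paragraph section-2.2.1-3.12.2 removes the only sentence here that relates the SPI to the 16-bit Session ID under the name "Enhanced SPI". The line started with "#", so it looks like leftover draft markup, but the remaining text now says the SPI alone identifies the SA. If "Enhanced SPI" is still used anywhere else in the draft, define it there or drop the term. Either way, state explicitly whether the receiver's SA lookup keys on the SPI only or on the SPI plus Session ID.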
@@ -1866,7 +1865,8 @@ <h3 id="name-peer-header">
18661865| Sequence Number (optional) |
18671866| |
18681867+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1869- | IV (optional) |
1868+ | |
1869+ ~ IV (optional) ~
18701870| |
18711871+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
18721872</ pre >
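Review bot: The IV row in the peer header figure is now drawn with "~" as variable length, but nothing in this hunk says what determines that length. The field description for the IV should state that its size is fixed per SA by the negotiated algorithm and that the field is absent when the implicit IV option is selected, so an implementer does not have to infer this from the figure notation.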
@@ -1941,7 +1941,8 @@ <h4 id="name-initialization-vector">
19411941< p id ="section-2.3.2-2 "> Counter mode algorithms MAY use the 64-bit counter as the
19421942Initialization Vector (IV) in the Sequence number Field, as specified
19431943< span > [< a href ="#RFC8750 " class ="cite xref "> RFC8750</ a > ]</ span > . This option, Implicit Initialization Vector (IIV)
1944- saves 8 header bytes on each packet. Whether or not this option is
1944+ saves the size of IV on each packet.
1945+ Whether or not this option is
19451946selected is determined as part of Security Association (SA)
19461947establishment.< a href ="#section-2.3.2-2 " class ="pilcrow "> ¶</ a > </ p >
19471948</ section >
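Review bot: "saves the size of IV on each packet" in section-2.3.2-2 is less precise than the "8 header bytes" it replaces, and it is missing an article. The same sentence says the IV is the 64-bit counter, so the saving in this mode is still 8 octets. Suggest wording such as "omits the IV field from each packet", with the octet count kept if it is meant to stay normative for the [RFC8750] case.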
@@ -2110,7 +2111,8 @@ <h3 id="name-full-and-optimized-packet-f">
21102111| Sequence Number (optional) |
21112112| |
21122113+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2113- | IV* (optional) |
2114+ | |
2115+ ~ IV* (optional) ~
21142116| |
21152117+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
21162118| 0x0 | Reserved | Next Header | Pad Length |
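Review bot: With "IV* (optional)" now variable length, the "0x0 | Reserved | Next Header | Pad Length" row that follows it no longer sits at an offset that can be read off the figure. Please confirm that the accompanying text says how a parser finds that row, in particular for a device that reads Next Header without holding the SA, and add a sentence if it does not.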
@@ -2149,7 +2151,8 @@ <h3 id="name-full-and-optimized-packet-f">
21492151| Sequence Number (optional) |
21502152| |
21512153+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2152- | IV* (optional) |
2154+ | |
2155+ ~ IV* (optional) ~
21532156| |
21542157+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
21552158| |
@@ -2520,14 +2523,14 @@ <h4 id="name-eesp-flow-identifier-option">
25202523 </ h4 >
25212524< p id ="section-3.1.2-1 "> Flow Identifier (FID) Options are used to carry characteristic
25222525information of the inner flow and SHOULD NOT change on per packet
2523- basis inside any inner flow. # to avoid packet reordering.
2524- The Flow Identifier SHOULD be negotiated by IKEv2 or another
2526+ basis inside any inner flow.< a href =" #section-3.1.2-1 " class =" pilcrow " > ¶ </ a > </ p >
2527+ < p id =" section-3.1.2-2 " > The Flow Identifier SHOULD be negotiated by IKEv2 or another
25252528suitable protocol. The detailed specification of FIDs MAY be provided
25262529in subsequent documents. The precise meaning of a FID is opaque to
2527- intermediate devices.< a href ="#section-3.1.2-1 " class ="pilcrow "> ¶</ a > </ p >
2530+ intermediate devices.< a href ="#section-3.1.2-2 " class ="pilcrow "> ¶</ a > </ p >
25282531< span id ="name-flow-identifier-option "> </ span > < div id ="fid-option ">
25292532< figure id ="figure-11 ">
2530- < div class ="sourcecode " id ="section-3.1.2-2 .1 ">
2533+ < div class ="sourcecode " id ="section-3.1.2-3 .1 ">
25312534< pre >
25322535 0 1 2 3
25332536 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
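Review bot: The SHOULD NOT in section-3.1.2-1 now stands without its rationale, because the "# to avoid packet reordering" fragment was deleted rather than rewritten as prose. If reordering is the reason, say so in a full sentence, for example "Changing the FID within an inner flow can cause packet reordering." Also note that splitting the paragraph renumbers the following anchors (the figure div moves from section-3.1.2-2.1 to section-3.1.2-3.1), so existing deep links into this section will point at different content.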
@@ -2544,21 +2547,21 @@ <h4 id="name-eesp-flow-identifier-option">
25442547< a href ="#name-flow-identifier-option " class ="selfRef "> Flow Identifier Option</ a >
25452548 </ figcaption > </ figure >
25462549</ div >
2547- < span class ="break "> </ span > < dl class ="dlParallel " id ="section-3.1.2-3 ">
2548- < dt id ="section-3.1.2-3 .1 "> Option Type</ dt >
2549- < dd style ="margin-left: 1.5em " id ="section-3.1.2-3 .2 ">
2550- < p id ="section-3.1.2-3 .2.1 "> 8 bits: See < a href ="#sec-eesp-header-options " class ="auto internal xref "> Section 3</ a > < a href ="#section-3.1.2-3 .2.1 " class ="pilcrow "> ¶</ a > </ p >
2550+ < span class ="break "> </ span > < dl class ="dlParallel " id ="section-3.1.2-4 ">
2551+ < dt id ="section-3.1.2-4 .1 "> Option Type</ dt >
2552+ < dd style ="margin-left: 1.5em " id ="section-3.1.2-4 .2 ">
2553+ < p id ="section-3.1.2-4 .2.1 "> 8 bits: See < a href ="#sec-eesp-header-options " class ="auto internal xref "> Section 3</ a > < a href ="#section-3.1.2-4 .2.1 " class ="pilcrow "> ¶</ a > </ p >
25512554</ dd >
25522555 < dd class ="break "> </ dd >
2553- < dt id ="section-3.1.2-3 .3 "> Option Length</ dt >
2554- < dd style ="margin-left: 1.5em " id ="section-3.1.2-3 .4 ">
2555- < p id ="section-3.1.2-3 .4.1 "> 8 bits: See < a href ="#sec-eesp-header-options " class ="auto internal xref "> Section 3</ a > < a href ="#section-3.1.2-3 .4.1 " class ="pilcrow "> ¶</ a > </ p >
2556+ < dt id ="section-3.1.2-4 .3 "> Option Length</ dt >
2557+ < dd style ="margin-left: 1.5em " id ="section-3.1.2-4 .4 ">
2558+ < p id ="section-3.1.2-4 .4.1 "> 8 bits: See < a href ="#sec-eesp-header-options " class ="auto internal xref "> Section 3</ a > < a href ="#section-3.1.2-4 .4.1 " class ="pilcrow "> ¶</ a > </ p >
25562559</ dd >
25572560 < dd class ="break "> </ dd >
2558- < dt id ="section-3.1.2-3 .5 "> FID</ dt >
2559- < dd style ="margin-left: 1.5em " id ="section-3.1.2-3 .6 ">
2560- < p id ="section-3.1.2-3 .6.1 "> Variable length, carries characteristic information of a
2561- inner flow and MUST NOT change for a given inner flow within a SA.< a href ="#section-3.1.2-3 .6.1 " class ="pilcrow "> ¶</ a > </ p >
2561+ < dt id ="section-3.1.2-4 .5 "> FID</ dt >
2562+ < dd style ="margin-left: 1.5em " id ="section-3.1.2-4 .6 ">
2563+ < p id ="section-3.1.2-4 .6.1 "> Variable length, carries characteristic information of a
2564+ inner flow and MUST NOT change for a given inner flow within a SA.< a href ="#section-3.1.2-4 .6.1 " class ="pilcrow "> ¶</ a > </ p >
25622565</ dd >
25632566 < dd class ="break "> </ dd >
25642567</ dl >
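Review bot: The FID definition in section-3.1.2-4.6.1 says the value "MUST NOT change for a given inner flow within a SA", while the opening paragraph of this section says FID options "SHOULD NOT change on per packet basis inside any inner flow". Since these lines are being touched for renumbering anyway, align the two requirement levels or explain how they differ. Minor wording on the same line: "a inner flow" should be "an inner flow" and "a SA" should be "an SA".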
@@ -2568,12 +2571,12 @@ <h4 id="name-eesp-flow-identifier-option">
25682571 < h4 id ="name-eesp-crypt-offset-option ">
25692572< a href ="#section-3.1.3 " class ="section-number selfRef "> 3.1.3. </ a > < a href ="#name-eesp-crypt-offset-option " class ="section-name selfRef "> EESP Crypt Offset Option</ a >
25702573 </ h4 >
2571- < p id ="section-3.1.3-1 "> This option is typically used for within one Datacenter use case
2574+ < p id ="section-3.1.3-1 "> This option is typically used within one Datacenter use case
25722575such as < span > [< a href ="#PSP " class ="cite xref "> PSP</ a > ]</ span > . When enabled, full packet format with Payload Info
25732576Header MUST be used; for the intermediate router to have Next Header.< a href ="#section-3.1.3-1 " class ="pilcrow "> ¶</ a > </ p >
25742577< p id ="section-3.1.3-2 "> The Crypt Offset can vary on a per packet basis. The maximum
25752578allowed Crypt Offset MUST be negotiated by IKEv2 or any other
2576- appropriate protocol. Packets with a Crypt Offset grater than
2579+ appropriate protocol. Packets with a Crypt Offset greater than
25772580the negotiated maximum MUST be dropped by the receiver.
25782581The receiver SHOULD cryptographically process such packets anyway.
25792582The action in case of a correct ICV value depends on local policy.
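Review bot: The typo fixes are fine, but the receiver behaviour in section-3.1.3-2 still reads as contradictory. Packets above the negotiated maximum "MUST be dropped", yet the next sentences say the receiver SHOULD process them cryptographically and that the action on a correct ICV "depends on local policy". State the order explicitly: whether the drop happens after ICV verification, and what local policy is allowed to decide (for example logging or auditing) given that forwarding is excluded by the MUST. In section-3.1.3-1, "for the intermediate router to have Next Header" is also hard to parse; consider "so that an intermediate router can read the Next Header field".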