| rfc9827v2.txt | rfc9827.txt | |||
|---|---|---|---|---|
| Transform Type 5 defines the set of properties of sequence numbers | Transform Type 5 defines the set of properties of sequence numbers | |||
| of IPsec packets of a given SA when these packets enter the | of IPsec packets of a given SA when these packets enter the | |||
| network. | network. | |||
| This updated definition is clarified as follows: | This updated definition is clarified as follows: | |||
| * "Sequence numbers" in this definition are not necessarily the | * "Sequence numbers" in this definition are not necessarily the | |||
| content of the Sequence Number field in the IPsec packets; they | content of the Sequence Number field in the IPsec packets; they | |||
| may also be some logical entities (e.g., counters) that could be | may also be some logical entities (e.g., counters) that could be | |||
| constructed take some information that is not transmitted on the | constructed taking some information that is not transmitted on the | |||
| wire into account. | wire into account. | |||
| * The properties are interpreted as characteristics of IPsec SA | * The properties are interpreted as characteristics of IPsec SA | |||
| packets rather than the results of sender actions. For example, | packets rather than the results of sender actions. For example, | |||
| in multicast SA with multiple unsynchronized senders, even if each | in multicast SA with multiple unsynchronized senders, even if each | |||
| sender ensures the uniqueness of sequence numbers it generates, | sender ensures the uniqueness of sequence numbers it generates, | |||
| the uniqueness of sequence numbers for all IPsec packets is not | the uniqueness of sequence numbers for all IPsec packets is not | |||
| guaranteed. | guaranteed. | |||
| * The properties are defined for the packets just entering the | * The properties are defined for the packets just entering the | |||
| network and not for the packets that receivers get. This is | network and not for the packets that receivers get. This is | |||
| because network behavior may break some of these properties (e.g., | because network behavior may break some of these properties (e.g., | |||
| packet duplication would break sequence number uniqueness). | packet duplication would break sequence number uniqueness). | |||
| * The properties of sequence numbers are interpreted in a broad | * The properties of sequence numbers are interpreted in a broad | |||
| sense, which includes the case when sequence numbers are absent. | sense, which includes the case when sequence numbers are absent. | |||
| Given this updated definition, Transform Type 5 in the "Transform | Given this updated definition, Transform Type 5 in the "Transform | |||
| Type Values" registry [IKEV2-IANA] has been renamed from "Extended | Type Values" registry [IKEV2-IANA] has been renamed from "Extended | |||
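Review bot: the change from "constructed take" to "constructed taking" in the first bullet fixes the grammar, but "constructed taking some information that is not transmitted on the wire into account" still reads awkwardly because the object of "taking" is separated from "into account" by a full clause. Suggest reordering to "constructed by taking into account some information that is not transmitted on the wire", which keeps the meaning and the example ("e.g., counters") unchanged.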
| Sequence Numbers (ESN)" to "Sequence Numbers (SN)". | Sequence Numbers (ESN)" to "Sequence Numbers (SN)" in the sense that | |||
| | it defines the properties of the sequence numbers in a broad sense. | |||
| It is expected that new Transform IDs will be defined for this | It is expected that new Transform IDs will be defined for this | |||
| Transform Type in the future (like in G-IKEv2 [G-IKEv2] for the case | Transform Type in the future (like in G-IKEv2 [G-IKEv2] for the case | |||
| of multicast SAs). Documents defining new Transform IDs should | of multicast SAs). Documents defining new Transform IDs should | |||
| include descriptions of the properties the sequence numbers would | include descriptions of the properties the sequence numbers would | |||
| have if the new Transform ID was selected. In particular, the | have if the new Transform ID was selected. In particular, the | |||
| descriptions should include discussion of whether these properties | descriptions should include discussion of whether these properties | |||
| allow replay protection to be achieved. | allow replay protection to be achieved. | |||
| Some existing protocols (like Implicit IV in ESP [RFC8750] or | Some existing protocols (like Implicit IV in ESP [RFC8750] or | |||
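Review bot: the clause added to the renaming sentence, "in the sense that it defines the properties of the sequence numbers in a broad sense", uses "sense" twice in one sentence and largely repeats the fourth bullet above ("interpreted in a broad sense, which includes the case when sequence numbers are absent"). If the intent is to justify the new name "Sequence Numbers (SN)", a tighter wording would be "because it now covers the properties of sequence numbers broadly, including the case when they are absent"; otherwise the clause could be dropped and the bullet left to carry that point.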
End of changes: 2 change blocks; 2 lines changed or deleted, 3 lines changed or added. This html diff was produced by rfcdiff 1.48.