Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-ipsecme-add-ike-14> for your review
Valery Smyslov <svan@elvis.ru> Thu, 14 September 2023 12:17 UTC
Return-Path: <svan@elvis.ru>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0E72C151076; Thu, 14 Sep 2023 05:17:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.006
X-Spam-Level:
X-Spam-Status: No, score=-2.006 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTTP_ESCAPED_HOST=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=elvis.ru
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oP2BLb5U6CwS; Thu, 14 Sep 2023 05:17:35 -0700 (PDT)
Received: from dpmail.elvis.ru (dpmail.elvis.ru [93.188.44.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEA53C15106F; Thu, 14 Sep 2023 05:17:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=elvis.ru; s=mail; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID: Date:Subject:CC:To:From:Sender:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=wfQgJ4Jz5wCCsUcPEdDW5DvHCda6t50a+bD9eZ83QGs=; b=gg/e5x8/opQrBI0q5MsG5Ts8yw qzxzR8A1GOqz6Bn8TywlXboLaPNhET4Sr0WepzCa377RVgH/VjYfHYTYDQt9J+fGfOVS6j5huXtN7 Tcb0jsHFLEZ0MpSjGh2DFWTxLHtKWcoEkw5MZAXHdyF594WoPZ6grfIuDz1F3IzqIEXs=;
Received: from kmail2.elvis.ru ([93.188.44.210]) by dpmail.elvis.ru with esmtp (Exim 4.89) (envelope-from <svan@elvis.ru>) id 1qglHc-0004nw-1q; Thu, 14 Sep 2023 15:17:21 +0300
Received: from mail16.office.elvis.ru ([10.111.1.29] helo=mail.office.elvis.ru) by kmail2.elvis.ru with esmtp (Exim 4.94.2) (envelope-from <svan@elvis.ru>) id 1qglHb-00HPxG-Nr; Thu, 14 Sep 2023 15:17:19 +0300
Received: from MAIL16.office.elvis.ru (10.111.1.29) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Thu, 14 Sep 2023 15:17:19 +0300
Received: from buildpc (10.111.10.33) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server id 15.1.1779.2 via Frontend Transport; Thu, 14 Sep 2023 15:17:19 +0300
From: Valery Smyslov <svan@elvis.ru>
To: mohamed.boucadair@orange.com, rfc-editor@rfc-editor.org, kondtir@gmail.com, dwing-ietf@fuggles.com
CC: ipsecme-ads@ietf.org, ipsecme-chairs@ietf.org, kivinen@iki.fi, rdd@cert.org, auth48archive@rfc-editor.org
Date: Thu, 14 Sep 2023 15:17:22 +0300
Message-ID: <048401d9e705$6a169d60$3e43d820$@elvis.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdnmRfIp9bdtyRfoQnWQHNAmPaI0yw==
Content-Language: ru
X-CrossPremisesHeadersFilteredBySendConnector: MAIL16.office.elvis.ru
X-OrganizationHeadersPreserved: MAIL16.office.elvis.ru
X-Spam-Scanner: Rspamd work in kmail2.elvis.ru, WHITELIST
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiPhishing: Clean, bases: 2023/02/21 22:47:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2023/02/21 21:02:00 #20887462
X-KLMS-AntiVirus-Status: Clean, skipped
X-Spam-Scanner: Rspamd work in dpmail.elvis.ru, WHITELIST
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/FjYq3Y1pd2ZTBivB_GlEnl68QF8>
Subject: Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-ipsecme-add-ike-14> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Sep 2023 12:17:41 -0000
Hi Lynne, Med, all, I agree with the resolutions proposed by Med. I have one minor comment. Upper part of Figure 4: CURRENT: 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-----------------------------+-------------------------------+ |R| Attribute Type | Length | +-+-----------------------------+---------------+---------------+ ... NEW: 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-----------------------------+-------------------------------+ |R| Attribute Type | Length | +-+-----------------------------+-------------------------------+ ... (erroneous '+' instead of '-'). Regards, Valery. > -----Original Message----- > From: mohamed.boucadair@orange.com [mailto:mohamed.boucadair@orange.com] > Sent: Tuesday, September 12, 2023 11:53 AM > To: rfc-editor@rfc-editor.org; kondtir@gmail.com; dwing-ietf@fuggles.com; svan@elvis.ru > Cc: ipsecme-ads@ietf.org; ipsecme-chairs@ietf.org; kivinen@iki.fi; rdd@cert.org; auth48archive@rfc- > editor.org > Subject: [***SPAM***] RE: AUTH48: RFC-to-be 9464 <draft-ietf-ipsecme-add-ike-14> for your review > > Dear RFC Editor, > > Please see inline. > > I let my co-authors further comment as appropriate. > > Cheers, > Med > > > -----Message d'origine----- > > De : rfc-editor@rfc-editor.org <rfc-editor@rfc-editor.org> > > Envoyé : samedi 9 septembre 2023 05:00 > > À : BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; > > kondtir@gmail.com; dwing-ietf@fuggles.com; svan@elvis.ru > > Cc : rfc-editor@rfc-editor.org; ipsecme-ads@ietf.org; ipsecme- > > chairs@ietf.org; kivinen@iki.fi; rdd@cert.org; auth48archive@rfc- > > editor.org > > Objet : Re: AUTH48: RFC-to-be 9464 <draft-ietf-ipsecme-add-ike-14> > > for your review > > > > Authors, > > > > While reviewing this document during AUTH48, please resolve (as > > necessary) the following questions, which are also in the XML > > file. > > > > 1) <!-- [rfced] Section 2: We had trouble following this > > paragraph; "but could be located outside of it" followed by "the > > latter option becomes plausible" is a bit confusing. If the > > suggested text doesn't adequately clarify things, would you like > > to provide alternative text that does? > > > > Original: > > For many years, typical designs have often considered that the > > DNS resolver was usually located inside the protected domain, but > > could be located outside of it. With encrypted DNS, the latter > > option becomes plausible. Note that existing VPN client > > implementations might not expect that the discovered DNS resolver > > IP addresses to be outside of the covered IP address ranges of > > the VPN tunnel. > > > > Suggested: > > For many years, typical designs have often assumed that the DNS > > resolver was usually located inside the protected domain, but they > > don't consider implementations where the DNS resolver could be > > located outside of it. With encrypted DNS, managing the latter > > scenario becomes plausible. Note that existing VPN client > > implementations might not expect the discovered DNS resolver IP > > addresses to be outside of the covered IP address ranges of the > > VPN tunnel. --> > > > > [Med] OK with "s/managing/implementing" or "s/managing/deploying". > > > > > 2) <!-- [rfced] Section 3.1: Please clarify the meaning of "to > > configure ... to an initiator". > > > > Original: > > The ENCDNS_IP* IKEv2 Configuration Payload Attribute Types, > > ENCDNS_IP4 and ENCDNS_IP6, are used to configure encrypted DNS > > resolvers to an initiator. --> > > > > [Med] What about? > > NEW: > The ENCDNS_IP* IKEv2 Configuration Payload Attribute Types, > ENCDNS_IP4 and ENCDNS_IP6, are used to configure an initiator > with encrypted DNS resolvers. > > > > > 3) <!-- [rfced] Please review each artwork element. Should any of > > them be tagged as sourcecode? If the current list of preferred > > values for "type" > > (https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2 > > Fwww.rfc-editor.org%2Fmaterials%2Fsourcecode- > > types.txt&data=05%7C01%7Cmohamed.boucadair%40orange.com%7Cb2a1f0de > > e85244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C > > 0%7C638298252306689579%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDA > > iLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sd > > ata=owrKC%2BaVwCKIaYUrlgQ%2FjOWPPgMyIDNDCh9P6A3ynOI%3D&reserved=0) > > does not contain an applicable type, please let us know. Also, it > > is acceptable to leave the "type" attribute not set. --> > > > > [Med] We can leave this not set. > > > > > 4) <!-- [rfced] Figure 1: We corrected the field-name mismatch > > per > > "IP Address(es) (variable) - Includes one or more IP addresses" as > > listed in the descriptions below. Please let us know any > > objections. > > > > Original: > > ~ IP Addresses ~ > > > > Currently: > > ~ IP Address(es) ~ > > --> > > > > [Med] OK. > > > > > 5) <!-- [rfced] Section 3.1: The use of "attribute" versus > > "attributes" > > was confusing here. We updated the figure title and the next > > sentence as follows. If this is incorrect, please provide a clear > > figure title and following text. > > > > Original: > > Figure 1: Attributes Format > > > > The description of the fields of the attribute shown in Figure 1 > > is > > as follows: > > > > Currently: > > Figure 1: Format of ENCDNS_IP4 and ENCDNS_IP6 Attribute Types > > > > The descriptions of the fields shown in Figure 1 are as follows: > > --> > > [Med] I suggest to update as follows: > > NEW: > Figure 1: Format of ENCDNS_IP4 and ENCDNS_IP6 Configuration Attributes > > > > > > > 6) <!-- [rfced] Sections 3.1 and 3.2: Should these three > > instances of > > "Configuration Attribute Type" be "Configuration Payload Attribute > > Type"? > > [Med] We can maintain the original text as that is aligned with the usage in > https://datatracker.ietf.org/doc/html/rfc7296#section-3.15.1. > > > > > Original: > > * Attribute Type (15 bits) - Identifier for Configuration > > Attribute > > Type. This is set to TBA1 for ENCDNS_IP4 or TBA2 for > > ENCDNS_IP6, > > as registered in Section 8. > > ... > > * Attribute Type (15 bits) - Identifier for Configuration > > Attribute > > Type; is set to TBA3 value listed in Section 8. > > ... > > * Attribute Type (15 bits) - Identifier for Configuration > > Attribute > > Type; is set to TBA3 value listed in Section 8. --> > > > > > > 7) <!-- [rfced] Section 3.1: It looks odd to have 'Length of the > > ADN' > > but no quotes around Length of SvcParams. May we update as > > suggested? > > > > Original: > > - (4 + 'Length of the ADN' + N * 4 + Length of SvcParams) for > > ... > > - (4 + 'Length of the ADN' + N * 16 + Length of SvcParams) for > > > > Suggested: > > * (4 + 'Length of the ADN' + N * 4 + 'Length of SvcParams') for > > ... > > * (4 + 'Length of the ADN' + N * 16 + 'Length of SvcParams') for > > --> > > > > [Med] The suggested text is OK. > > > > > 8) <!-- [rfced] Figure 2: We found it confusing that the > > description > > for the "Certificate Digest" field only appears after Figure 4. > > Will readers readily find the field description, or should some > > clarifying text be added? > > > > [Med] I don't think a change is needed here. > > > Original: > > Some of the fields shown in Figure 2 can be omitted as further > > detailed below. > > > > Possibly: > > Some of the fields shown in Figure 2 can be omitted, as further > > detailed below. Descriptions for the "Authentication Domain > > Name" > > and "Certificate Digest" fields are provided below Figure 4. --> > > > > > > 9) <!-- [rfced] Section 4: Per Section 6.2 of RFC 8310 ("Section > > 8 > > discusses these mechanisms ..."), should "the mechanism" be "the > > mechanisms" here, or should one mechanism in particular from > > Section 8 of RFC 8310 be cited here? > > > > [Med] OK to update to "mechanisms". > > > Original: > > The DNS client establishes an encrypted DNS session (e.g., DoT, > > DoH, > > DoQ) with the address(es) conveyed in ENCDNS_IP* and uses the > > mechanism discussed in Section 8 of [RFC8310] to authenticate the > > DNS > > resolver certificate using the authentication domain name > > conveyed in > > ENCDNS_IP*. --> > > > > > > 10) <!-- [rfced] Section 4: Please confirm that "PKIX-EE(1) with > > selector SPKI(1)" is correct. We could only find "DANE-EE(3) and > > selector SPKI(1)" and "DANE-EE(3) with selector SPKI(1)" in RFC > > 7671. > > > > [Med] Yes, please see 5.3 of RFC7671. > > > Original: > > This approach is > > similar to certificate usage PKIX-EE(1) with selector SPKI(1) > > defined > > in [RFC7671] but without PKIX validation. --> > > > > > > 11) <!-- [rfced] Section 4: The first sentence in the "Note:" > > paragraph > > did not parse. We updated it as noted below. Please let us know > > any objections. > > > > Also, please review whether the "Note:" paragraph should be in the > > <aside> element. It is defined as "a container for content that > > is > > semantically less important or tangential to the content that > > surrounds it" > > (https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2 > > Fauthors.ietf.org%2Fen%2Frfcxml- > > vocabulary%23aside&data=05%7C01%7Cmohamed.boucadair%40orange.com%7 > > Cb2a1f0dee85244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc48b9253b6f5d > > 20%7C0%7C0%7C638298252306689579%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC > > 4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C > > %7C%7C&sdata=I7PImckstjLTTo5K5l1VC8TFPxvqIThfb2C%2BxZ2gDTE%3D&rese > > rved=0). > > > > [Med] The use of <aside> element is not justified here. Please maintain the original format. > > > Original: > > Note: [RFC8598] requires INTERNAL_IP6_DNS (or INTERNAL_IP4_DNS) > > attribute to be mandatory present when INTERNAL_DNS_DOMAIN is > > included. This specification relaxes that constraint in the > > presence of ENCDNS_IP* attributes. That is, if ENCDNS_IP* > > attributes are supplied, it is allowed for responders to include > > INTERNAL_DNS_DOMAIN even in the absence of INTERNAL_IP6_DNS (or > > INTERNAL_IP4_DNS) attributes. > > > > Currently: > > Note: [RFC8598] requires that the INTERNAL_IP6_DNS (or > > INTERNAL_IP4_DNS) attribute be present when INTERNAL_DNS_DOMAIN > > is > > included. This specification relaxes that constraint in the > > presence of ENCDNS_IP* attributes. That is, if ENCDNS_IP* > > attributes are supplied, responders are allowed to include > > INTERNAL_DNS_DOMAIN even in the absence of INTERNAL_IP6_DNS (or > > INTERNAL_IP4_DNS) attributes. --> > > > > [Med] The suggested text looks good to me. > > > > > 12) <!-- [rfced] Section 5: We do not see SHA2-256 mentioned in > > RFC 6234. Will this citation be clear to readers? > > > > Original: > > Implementations MUST support SHA2-256 [RFC6234]. --> > > > > [Med] Yes. As we are relying on the IANA registry (https://www.iana.org/assignments/ikev2- > parameters/ikev2-parameters.xhtml#hash-algorithms), we are using the label that used in that registry + > authoritative spec with the hash algo. No change is needed here. > > > > > 13) <!-- [rfced] Section 6: Please clarify the meaning of "does > > not > > alter the trust on" in this sentence. Are some words missing? > > > > Original: > > This document adheres to the security considerations defined in > > [RFC7296]. In particular, this document does not alter the trust > > on > > the DNS configuration provided by a responder. --> > > > > [Med] What about: > > NEW: > In particular, this document does not alter the trust that the initiator > have on the DNS configuration provided by a responder. > > > > > 14) <!-- [rfced] Section 6: We had trouble parsing this sentence. > > Please clarify "returned ENCDNS_IP* resolvers configuration" and > > to what "it" refers (the responder or the initiator?). > > > > [Med] the initiator. > > > Original: > > If the IKEv2 responder has used NULL Authentication method > > [RFC7619] > > to authenticate itself, the initiator MUST NOT use returned > > ENCDNS_IP* resolvers configuration unless it is pre-configured, > > e.g., > > in the operating system or the application. --> > > > > > > 15) <!-- [rfced] Regarding the references to IANA subregistries, > > we note > > that [IANA-IKE-HASH] is normative, whereas [IANA-IKE-CFG] is > > informative. > > Would you like these both to be one or the other? > > > > [Med] The current classification is correct. We had this comment during the publication process. IANA- > IKE-HASH is normative as this is key for interoperability. > > > For background: > > "Normative references specify documents that must be read to > > understand > > or implement the technology in the new RFC, or whose technology > > must be > > present for the technology in the new RFC to work. An informative > > reference is not normative; rather, it only provides additional > > information." > > from > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > www.ietf.org%2Fabout%2Fgroups%2Fiesg%2Fstatements%2Fnormative- > > informative- > > references%2F&data=05%7C01%7Cmohamed.boucadair%40orange.com%7Cb2a1 > > f0dee85244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc48b9253b6f5d20%7C > > 0%7C0%7C638298252306689579%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA > > wMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7 > > C&sdata=ey5hl4Xv5MyTVuxIXlWrbMmiVEkAbgrhCZL5D9vH6ys%3D&reserved=0) > > > > [IANA-IKE-HASH] > > IANA, "IKEv2 Hash Algorithms", > > > > <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2 > > Fwww.iana.org%2Fassignments%2Fikev2- > > parameters%2F&data=05%7C01%7Cmohamed.boucadair%40orange.com%7Cb2a1 > > f0dee85244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc48b9253b6f5d20%7C > > 0%7C0%7C638298252306689579%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA > > wMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7 > > C&sdata=ARTDuz1COFOC%2FBCc24fCN%2FXoihzfU0PBlxSKXdd6QiM%3D&reserve > > d=0>. > > > > [IANA-IKE-CFG] > > IANA, "IKEv2 Configuration Payload Attribute Types", > > > > <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2 > > Fwww.iana.org%2Fassignments%2Fikev2- > > parameters%2F&data=05%7C01%7Cmohamed.boucadair%40orange.com%7Cb2a1 > > f0dee85244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc48b9253b6f5d20%7C > > 0%7C0%7C638298252306689579%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA > > wMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7 > > C&sdata=ARTDuz1COFOC%2FBCc24fCN%2FXoihzfU0PBlxSKXdd6QiM%3D&reserve > > d=0>. > > --> > > > > > > 16) <!-- [rfced] Appendix A.1: Please clarify the meaning of > > "There is > > no ambiguity to" in this sentence. > > > > Original: > > There is no ambiguity to identify the > > encrypted resolver associated with the supplied digest. > > > > Possibly: > > Identifying the encrypted resolver associated with the supplied > > digest is therefore unambiguous. --> > > > > [Med] The proposed wording is better. Thanks. > > > > > 17) <!-- [rfced] Please review the "Inclusive Language" portion of > > the > > online Style Guide at > > <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2 > > Fwww.rfc- > > editor.org%2Fstyleguide%2Fpart2%2F%23inclusive_language&data=05%7C > > 01%7Cmohamed.boucadair%40orange.com%7Cb2a1f0dee85244493d1908dbb0e0 > > e24c%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C0%7C6382982523066895 > > 79%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJ > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=MzcH%2F6iSwrVdkU > > hLib6XWKcOo7aJn11FBbYieLo8oLg%3D&reserved=0>, > > and let us know if any changes are needed. > > > > Note that our script did not flag any words in particular, but > > this > > should still be reviewed as a best practice. --> > > > > [Med] I don't have any comment here. > > > > > 18) <!-- [rfced] Please let us know if any changes are needed for > > the > > following: > > > > a) The following terms were used inconsistently in this document. > > We chose to use the latter forms. Please let us know any > > objections. > > > > configuration payload attribute (in text; 1 instance) / > > Configuration Payload Attribute (in text; 3 instances) > > > > [Med] We can use "Configuration Payload Attribute" > > > Num addresses / Num Addresses (field name) > > > > [Med] We can use "Num Addresses" > > > b) The following terms/expressions appear to be used > > inconsistently in this document. Please let us know which form is > > preferred. > > > > hash algorithm identifiers / 'Hash Algorithm Identifiers' / > > Hash Algorithm Identifiers > > For example: > > included hash algorithm identifiers > > included 'Hash Algorithm Identifiers' > > the Hash Algorithm Identifier > > the hash algorithm identifiers > > > > [Med] We can use 'Hash Algorithm Identifiers' only when referring to the field name and hash algorithm > identifiers in the description text. > > > set to zero / set to 0 / set to '0' > > [Med] Please note that both "set to zero" and "set to 0" are used in rfc7296. We can change "set to '0'" to > "set to 0". > > > > > the ENCDNS_IP* Configuration Payload Attribute / > > the ENCDNS_IP* Configuration Payload Attribute(s) / > > the ENCDNS_IP* Configuration Payload Attributes > > > > [Med] "ENCDNS_IP* Configuration Payload Attributes" is used to refer to both IPv4/IPv6 attributes. The > singular form is better when describing the field. I suggest to make these changes in Section 3.1: > > OLD: in the ENCDNS_IP* Configuration Payload Attribute(s). > NEW: in the ENCDNS_IP* Configuration Payload Attribute. > > OLD: multiple ADNs are included in the ENCDNS_IP* Configuration Payload Attributes. > NEW: multiple ADNs are included in the ENCDNS_IP* Configuration Payload Attribute. > > > c) Please note that, per elsewhere in this document and per the > > rest > > of this cluster of documents > > (https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2 > > Fwww.rfc- > > editor.org%2Fcluster_info.php%3Fcid%3DC461&data=05%7C01%7Cmohamed. > > boucadair%40orange.com%7Cb2a1f0dee85244493d1908dbb0e0e24c%7C90c7a2 > > 0af34b40bfbc48b9253b6f5d20%7C0%7C0%7C638298252306689579%7CUnknown% > > 7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwi > > LCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=kgB%2BVVVsL5u0%2F7ewYwO%2FHks > > JsKFXUGsczfCrlaNEyCk%3D&reserved=0), we changed > > the single-quoted field names to double-quoted. Please let us > > know > > any concerns. --> > > > > > > Thank you. > > > > RFC Editor/lb/ar > > > > > > On Sep 8, 2023, rfc-editor@rfc-editor.org wrote: > > > > *****IMPORTANT***** > > > > Updated 2023/09/08 > > > > RFC Author(s): > > -------------- > > > > Instructions for Completing AUTH48 > > > > Your document has now entered AUTH48. Once it has been reviewed > > and > > approved by you and all coauthors, it will be published as an RFC. > > If an author is no longer available, there are several remedies > > available as listed in the FAQ > > (https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2 > > Fwww.rfc- > > editor.org%2Ffaq%2F&data=05%7C01%7Cmohamed.boucadair%40orange.com% > > 7Cb2a1f0dee85244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc48b9253b6f5 > > d20%7C0%7C0%7C638298252306689579%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiM > > C4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7 > > C%7C%7C&sdata=AVmnlP7tXmIfvKcCbcKWP02MVqeSPbtjVM%2FX%2Ba5oJmE%3D&r > > eserved=0). > > > > You and you coauthors are responsible for engaging other parties > > (e.g., Contributors or Working Group) as necessary before > > providing > > your approval. > > > > Planning your review > > --------------------- > > > > Please review the following aspects of your document: > > > > * RFC Editor questions > > > > Please review and resolve any questions raised by the RFC Editor > > that have been included in the XML file as comments marked as > > follows: > > > > <!-- [rfced] ... --> > > > > These questions will also be sent in a subsequent email. > > > > * Changes submitted by coauthors > > > > Please ensure that you review any changes submitted by your > > coauthors. We assume that if you do not speak up that you > > agree to changes submitted by your coauthors. > > > > * Content > > > > Please review the full content of the document, as this cannot > > change once the RFC is published. Please pay particular > > attention to: > > - IANA considerations updates (if applicable) > > - contact information > > - references > > > > * Copyright notices and legends > > > > Please review the copyright notice and legends as defined in > > RFC 5378 and the Trust Legal Provisions > > (TLP - > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > trustee.ietf.org%2Flicense- > > info%2F&data=05%7C01%7Cmohamed.boucadair%40orange.com%7Cb2a1f0dee8 > > 5244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C0% > > 7C638298252306689579%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiL > > CJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdat > > a=CLVTn9%2FahmzPfRa7wbrqZX3hdy3XyTokVZR5mG5Y7m0%3D&reserved=0). > > > > * Semantic markup > > > > Please review the markup in the XML file to ensure that elements > > of > > content are correctly tagged. For example, ensure that > > <sourcecode> > > and <artwork> are set correctly. See details at > > > > <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2 > > Fauthors.ietf.org%2Frfcxml- > > vocabulary&data=05%7C01%7Cmohamed.boucadair%40orange.com%7Cb2a1f0d > > ee85244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7 > > C0%7C638298252306689579%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMD > > AiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&s > > data=z%2BMn8kpajc5kiHpa3ysWH7kTeAhugXRE2m616iMNdrY%3D&reserved=0>. > > > > * Formatted output > > > > Please review the PDF, HTML, and TXT files to ensure that the > > formatted output, as generated from the markup in the XML file, > > is > > reasonable. Please note that the TXT will have formatting > > limitations compared to the PDF and HTML. > > > > > > Submitting changes > > ------------------ > > > > To submit changes, please reply to this email using 'REPLY ALL' as > > all > > the parties CCed on this message need to see your changes. The > > parties > > include: > > > > * your coauthors > > > > * rfc-editor@rfc-editor.org (the RPC team) > > > > * other document participants, depending on the stream (e.g., > > IETF Stream participants are your working group chairs, the > > responsible ADs, and the document shepherd). > > > > * auth48archive@rfc-editor.org, which is a new archival mailing > > list > > to preserve AUTH48 conversations; it is not an active > > discussion > > list: > > > > * More info: > > > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > mailarchive.ietf.org%2Farch%2Fmsg%2Fietf-announce%2Fyb6lpIGh- > > 4Q9l2USxIAe6P8O4Zc&data=05%7C01%7Cmohamed.boucadair%40orange.com%7 > > Cb2a1f0dee85244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc48b9253b6f5d > > 20%7C0%7C0%7C638298252306689579%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC > > 4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C > > %7C%7C&sdata=%2Fs6iQAXfBoXAipisgn1aB2Op8OzZo9Om3v18pCvMzRQ%3D&rese > > rved=0 > > > > * The archive itself: > > > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > mailarchive.ietf.org%2Farch%2Fbrowse%2Fauth48archive%2F&data=05%7C > > 01%7Cmohamed.boucadair%40orange.com%7Cb2a1f0dee85244493d1908dbb0e0 > > e24c%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C0%7C6382982523066895 > > 79%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJ > > BTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9N2d3iC33AbY5pVU > > %2FPJkD%2BFQDDBExuhHf9i1axXSM%2Bc%3D&reserved=0 > > > > * Note: If only absolutely necessary, you may temporarily opt > > out > > of the archiving of messages (e.g., to discuss a sensitive > > matter). > > If needed, please add a note at the top of the message that > > you > > have dropped the address. When the discussion is concluded, > > auth48archive@rfc-editor.org will be re-added to the CC > > list and > > its addition will be noted at the top of the message. > > > > You may submit your changes in one of two ways: > > > > An update to the provided XML file > > - OR - > > An explicit list of changes in this format > > > > Section # (or indicate Global) > > > > OLD: > > old text > > > > NEW: > > new text > > > > You do not need to reply with both an updated XML file and an > > explicit > > list of changes, as either form is sufficient. > > > > We will ask a stream manager to review and approve any changes > > that seem > > beyond editorial in nature, e.g., addition of new text, deletion > > of text, > > and technical changes. Information about stream managers can be > > found in > > the FAQ. Editorial changes do not require approval from a stream > > manager. > > > > > > Approving for publication > > -------------------------- > > > > To approve your RFC for publication, please reply to this email > > stating > > that you approve this RFC for publication. Please use 'REPLY > > ALL', > > as all the parties CCed on this message need to see your approval. > > > > > > Files > > ----- > > > > The files are available here: > > > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > www.rfc- > > editor.org%2Fauthors%2Frfc9464.xml&data=05%7C01%7Cmohamed.boucadai > > r%40orange.com%7Cb2a1f0dee85244493d1908dbb0e0e24c%7C90c7a20af34b40 > > bfbc48b9253b6f5d20%7C0%7C0%7C638298252306689579%7CUnknown%7CTWFpbG > > Zsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6 > > Mn0%3D%7C3000%7C%7C%7C&sdata=JGFmMJGNpWQgBX73UkQlpkX3iZM80t0z2EOvv > > Szk6xc%3D&reserved=0 > > > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > www.rfc- > > editor.org%2Fauthors%2Frfc9464.html&data=05%7C01%7Cmohamed.boucada > > ir%40orange.com%7Cb2a1f0dee85244493d1908dbb0e0e24c%7C90c7a20af34b4 > > 0bfbc48b9253b6f5d20%7C0%7C0%7C638298252306846778%7CUnknown%7CTWFpb > > GZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI > > 6Mn0%3D%7C3000%7C%7C%7C&sdata=JyumPy2ZshtNSIunfh19bKsl9t29rMU%2BrI > > VR30mTfWE%3D&reserved=0 > > > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > www.rfc- > > editor.org%2Fauthors%2Frfc9464.pdf&data=05%7C01%7Cmohamed.boucadai > > r%40orange.com%7Cb2a1f0dee85244493d1908dbb0e0e24c%7C90c7a20af34b40 > > bfbc48b9253b6f5d20%7C0%7C0%7C638298252306846778%7CUnknown%7CTWFpbG > > Zsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6 > > Mn0%3D%7C3000%7C%7C%7C&sdata=l1ehzpcaHu4X96xfBRIDWFyYKjXE7NCBwPsEk > > zdZ8C0%3D&reserved=0 > > > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > www.rfc- > > editor.org%2Fauthors%2Frfc9464.txt&data=05%7C01%7Cmohamed.boucadai > > r%40orange.com%7Cb2a1f0dee85244493d1908dbb0e0e24c%7C90c7a20af34b40 > > bfbc48b9253b6f5d20%7C0%7C0%7C638298252306846778%7CUnknown%7CTWFpbG > > Zsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6 > > Mn0%3D%7C3000%7C%7C%7C&sdata=a8%2F3eUZlwam9Tif2qeGNgp2aZWRl8l6026u > > J5ID0cyg%3D&reserved=0 > > > > Diff file of the text: > > > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > www.rfc-editor.org%2Fauthors%2Frfc9464- > > diff.html&data=05%7C01%7Cmohamed.boucadair%40orange.com%7Cb2a1f0de > > e85244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C > > 0%7C638298252306846778%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDA > > iLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sd > > ata=MiclK0p0x%2FwWwjK6hdOs5aRRBV6AfmvzSH1hZA1pxO0%3D&reserved=0 > > > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > www.rfc-editor.org%2Fauthors%2Frfc9464- > > rfcdiff.html&data=05%7C01%7Cmohamed.boucadair%40orange.com%7Cb2a1f > > 0dee85244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0 > > %7C0%7C638298252306846778%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAw > > MDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C > > &sdata=U6xedH0t5w2ciI7Uc2Jg3jYw0C%2BCKXIJwS%2Fy8mGqCG0%3D&reserved > > =0 (side by side) > > > > Diff of the XML: > > > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > www.rfc-editor.org%2Fauthors%2Frfc9464- > > xmldiff1.html&data=05%7C01%7Cmohamed.boucadair%40orange.com%7Cb2a1 > > f0dee85244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc48b9253b6f5d20%7C > > 0%7C0%7C638298252306846778%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA > > wMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7 > > C&sdata=BMT9%2BLuSD5RDu9QFtfvDmaiKeQt7DG7QUBJJhH1SjGE%3D&reserved= > > 0 > > > > This diff file compares an altered original and the RFC > > (in order to make the changes in moved text viewable): > > > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > www.rfc-editor.org%2Fauthors%2Frfc9464-alt- > > diff.html&data=05%7C01%7Cmohamed.boucadair%40orange.com%7Cb2a1f0de > > e85244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc48b9253b6f5d20%7C0%7C > > 0%7C638298252306846778%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDA > > iLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sd > > ata=jFixXSJXkUar7rD9uvhkGXCcdPOLLWIztsXE3slNgmE%3D&reserved=0 > > > > Tracking progress > > ----------------- > > > > The details of the AUTH48 status of your document are here: > > > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2F > > www.rfc- > > editor.org%2Fauth48%2Frfc9464&data=05%7C01%7Cmohamed.boucadair%40o > > range.com%7Cb2a1f0dee85244493d1908dbb0e0e24c%7C90c7a20af34b40bfbc4 > > 8b9253b6f5d20%7C0%7C0%7C638298252306846778%7CUnknown%7CTWFpbGZsb3d > > 8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3 > > D%7C3000%7C%7C%7C&sdata=9pKsy6EOrWJesRXiI%2F2%2BjSeLkQBPV18FvKScRJ > > 97Oag%3D&reserved=0 > > > > Please let us know if you have any questions. > > > > Thank you for your cooperation, > > > > RFC Editor > > > > -------------------------------------- > > RFC9464 (draft-ietf-ipsecme-add-ike-14) > > > > Title : Internet Key Exchange Protocol Version 2 > > (IKEv2) Configuration for Encrypted DNS > > Author(s) : M. Boucadair, T. Reddy.K, D. Wing, V. Smyslov > > WG Chair(s) : Yoav Nir, Tero Kivinen > > Area Director(s) : Roman Danyliw, Paul Wouters > ______________________________________________________________________________________ > ______________________ > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne > doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez > le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles > d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. > > This message and its attachments may contain confidential or privileged information that may be > protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete this message and its > attachments. > As emails may be altered, Orange is not liable for messages that have been modified, changed or > falsified. > Thank you.
- [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-ipsec… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… mohamed.boucadair
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… mohamed.boucadair
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Valery Smyslov
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… mohamed.boucadair
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… mohamed.boucadair
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… mohamed.boucadair
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… tirumal reddy
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Valery Smyslov
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Dan Wing
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… mohamed.boucadair
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Roman Danyliw
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… mohamed.boucadair
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… mohamed.boucadair
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… mohamed.boucadair
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9464 <draft-ietf-i… Lynne Bartholomew