Re: [auth48] AUTH48: RFC-to-be 9478 <draft-ietf-ipsecme-labeled-ipsec-12> for your review

Paul Wouters <paul.wouters@aiven.io> Wed, 20 September 2023 03:32 UTC

From: Paul Wouters <paul.wouters@aiven.io>
Mime-Version: 1.0 (1.0)
Date: Tue, 19 Sep 2023 23:32:06 -0400
Message-Id: <408F5288-AF14-4318-823A-A236C1AAD02D@aiven.io>
Cc: sahana@redhat.com, ipsecme-ads@ietf.org, ipsecme-chairs@ietf.org, kivinen@iki.fi, Roman Danyliw <rdd@cert.org>, auth48archive@rfc-editor.org, RFC Editor <rfc-editor@rfc-editor.org>
To: Madison Church <mchurch@amsl.com>

Thanks for the ping. We will get back to you in the next few days.

Sent using a virtual keyboard on a phone

> On Sep 19, 2023, at 16:01, Madison Church <mchurch@amsl.com> wrote:
> 
> Greetings,
> 
> This is a friendly weekly reminder that this document awaits your attention.  Please review the document-specific questions and AUTH48 announcement. Let us know if we can be of assistance as you begin the AUTH48 review process.
> 
> The AUTH48 status page of this document is viewable at:
>  http://www.rfc-editor.org/auth48/rfc9478
> 
> The AUTH48 FAQs are available at:
>  https://www.rfc-editor.org/faq/#auth48
> 
> We look forward to hearing from you at your earliest convenience.
> 
> Thank you,
> RFC Editor/mc
> 
>> On Sep 12, 2023, at 3:50 PM, rfc-editor@rfc-editor.org wrote:
>> 
>> Authors,
>> 
>> While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file.
>> 
>> 1) <!-- [rfced] Please note that the title of the document has been updated as
>> follows. Abbreviations have been expanded per Section 3.6 of RFC 7322
>> ("RFC Style Guide").
>> 
>> Original:
>>  Labeled IPsec Traffic Selector support for IKEv2
>> 
>> Current:
>>  Labeled IPsec Traffic Selector Support for the    
>>  Internet Key Exchange Protocol Version 2 (IKEv2) -->
>> 
>> 
>> 2) <!-- [rfced] Please review whether any of the notes in this document
>> should be in the <aside> element. It is defined as "a container for 
>> content that is semantically less important or tangential to the 
>> content that surrounds it" (https://authors.ietf.org/en/rfcxml-vocabulary#aside). -->
>> 
>> 
>> 3) <!-- [rfced] May we rephrase the following sentence for readability?
>> 
>> Original: 
>>  That is, the IKE implementation might not have any knowledge of the
>>  meaning of this selector, other than as a type and opaque value to
>>  pass to the SPD.
>> 
>> Perhaps: 
>>  That is, the IKE implementation might not have any knowledge regarding
>>  the meaning of this selector other than recognizing it as a type and
>>  opaque value to pass to the SPD. -->
>> 
>> 
>> 4) <!-- [rfced] We are unable to parse the following sentence, particularly
>> "start and end address/port match". Please let us know how we can update
>> this text for clarity.
>> 
>> Original: 
>>  If multiple Security Labels are allowed for a given IP protocol,
>>  start and end address/port match, the initiator includes all of
>>  the acceptable TS_SECLABEL's and the responder MUST select one 
>>  of them.
>> 
>> Perhaps: 
>>  If multiple Security Labels are allowed for a given IP protocol, such
>>  as a start and end address/port match, the initiator includes all the
>>  TS_SECLABELs that are acceptable, and the responder MUST select one of 
>>  them. -->
>> 
>> 
>> 5) <!-- [rfced] We have clarified and rephrased the following sentence to limit
>> the repetition of the word "first". Please let us know any objections.
>> 
>> Original: 
>>  If the initiator does not support this, and wants to prevent the
>>  responder from picking different labels for the TSi / TSr payloads, 
>>  it should attempt a Child SA negotiation with only the first Security 
>>  Label first, and upon failure retry a new Child SA negotiation with 
>>  only the second Security Label.
>> 
>> Current: 
>>  If the initiator does not support this and wants to prevent the
>>  responder from picking different labels for the TSi/TSr payloads,
>>  it should attempt a Child SA negotiation and start with the first 
>>  Security Label only. Upon failure, the initiator should retry a 
>>  new Child SA negotiation with only the second Security Label. -->
>> 
>> 
>> 6) <!--[rfced] Please confirm that you would like to point to this reference
>> even though there is a note stating that it was withdrawn as of
>> October 2015 (see the warning at
>> <https://csrc.nist.gov/pubs/fips/188/finals>).
>> 
>> Current:
>>  [FIPS188]  National Institute of Standards and Technology (NIST),
>>             "Standard Security Label for Information Transfer", FIPS
>>             PUB 188, September 1994,
>>             <https://csrc.nist.gov/publications/detail/fips/188/
>>             archive/1994-09-06>.--> 
>> 
>> 
>> 7) <!-- [rfced] Terminology
>> 
>> a) The following terms appear to be used inconsistently, so we updated the
>> text to reflect the latter forms. Please let us know of any objections.
>> 
>> traffic selector -> Traffic Selector
>> Traffic Selector type -> Traffic Selector Type
>> TS Payload -> TS payload
>> TSi/TSr Payloads -> TSi/TSr payloads
>> 
>> b) We notice instances of "Security Label" vs. "security label". We
>> assume that the lowercase form is used when referring to security
>> labels in general and the capitalized form is used when referring to 
>> the opaque byte stream of at least one octet. Please review this
>> term in the running text and let us know if any instances need
>> updating for consistency.-->
>> 
>> 
>> 8) <!-- [rfced] Abbreviations/Acronyms
>> 
>> a) We note that "MLS" is expanded as "Multi-Level Secure (MLS)" in RFC 5570 and 
>> "Multilevel Systems (MLS)" in this document. Would you like to update the 
>> expansion to match RFC 5570 (option i)? If you do not want to update it to match, 
>> should the abbreviation be plural (option ii)?
>> 
>> Perhaps:
>> i)  Historically, security labels used by Multi-level Secure (MLS) systems
>>   are comprised of a sensitivity level (or classification) field and a
>>   compartment (or category) field, as defined in [FIPS188] and
>>   [RFC5570]. 
>> or 
>> 
>> ii) Historically, security labels used by Multilevel Systems (MLSes) are
>>   comprised of a sensitivity level (or classification) field and a
>>   compartment (or category) field, as defined in [FIPS188] and
>>   [RFC5570]. 
>> 
>> b) We note that Section 1.2 defines two uses for the term "Traffic Selector"
>> (one with no abbreviation and one with the abbreviation "TS"). To make
>> abbreviations consistent, we suggest using "TS" after the first introduction
>> of the term where appropriate. Are there instances throughout the document
>> where we should not abbreviate this term (e.g., only abbreviating the term
>> where it modifies a noun, such as Traffic Selector Type)? -->
>> 
>> 
>> 9) <!-- [rfced] Please review the "Inclusive Language" portion of the online 
>> Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language>
>> and let us know if any changes are needed. Note that our script did not flag 
>> any words in particular, but this should still be reviewed as a best practice. -->
>> 
>> 
>> Thank you.
>> 
>> RFC Editor/mc/kc
>> 
>> 
>> On Sep 12, 2023, at 1:49 PM, rfc-editor@rfc-editor.org wrote:
>> 
>> *****IMPORTANT*****
>> 
>> Updated 2023/09/12
>> 
>> RFC Author(s):
>> --------------
>> 
>> Instructions for Completing AUTH48
>> 
>> Your document has now entered AUTH48.  Once it has been reviewed and 
>> approved by you and all coauthors, it will be published as an RFC.  
>> If an author is no longer available, there are several remedies 
>> available as listed in the FAQ (https://www.rfc-editor.org/faq/).
>> 
>> You and your coauthors are responsible for engaging other parties 
>> (e.g., Contributors or Working Group) as necessary before providing 
>> your approval.
>> 
>> Planning your review 
>> ---------------------
>> 
>> Please review the following aspects of your document:
>> 
>> *  RFC Editor questions
>> 
>> Please review and resolve any questions raised by the RFC Editor 
>> that have been included in the XML file as comments marked as 
>> follows:
>> 
>> <!-- [rfced] ... -->
>> 
>> These questions will also be sent in a subsequent email.
>> 
>> *  Changes submitted by coauthors 
>> 
>> Please ensure that you review any changes submitted by your 
>> coauthors.  We assume that if you do not speak up that you 
>> agree to changes submitted by your coauthors.
>> 
>> *  Content 
>> 
>> Please review the full content of the document, as this cannot 
>> change once the RFC is published.  Please pay particular attention to:
>> - IANA considerations updates (if applicable)
>> - contact information
>> - references
>> 
>> *  Copyright notices and legends
>> 
>> Please review the copyright notice and legends as defined in
>> RFC 5378 and the Trust Legal Provisions 
>> (TLP – https://trustee.ietf.org/license-info/).
>> 
>> *  Semantic markup
>> 
>> Please review the markup in the XML file to ensure that elements of  
>> content are correctly tagged.  For example, ensure that <sourcecode> 
>> and <artwork> are set correctly.  See details at 
>> <https://authors.ietf.org/rfcxml-vocabulary>.
>> 
>> *  Formatted output
>> 
>> Please review the PDF, HTML, and TXT files to ensure that the 
>> formatted output, as generated from the markup in the XML file, is 
>> reasonable.  Please note that the TXT will have formatting 
>> limitations compared to the PDF and HTML.
>> 
>> 
>> Submitting changes
>> ------------------
>> 
>> To submit changes, please reply to this email using ‘REPLY ALL’ as all 
>> the parties CCed on this message need to see your changes. The parties 
>> include:
>> 
>> *  your coauthors
>> 
>> *  rfc-editor@rfc-editor.org (the RPC team)
>> 
>> *  other document participants, depending on the stream (e.g., 
>>    IETF Stream participants are your working group chairs, the 
>>    responsible ADs, and the document shepherd).
>> 
>> *  auth48archive@rfc-editor.org, which is a new archival mailing list 
>>    to preserve AUTH48 conversations; it is not an active discussion 
>>    list:
>> 
>>   *  More info:
>>      https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc
>> 
>>   *  The archive itself:
>>      https://mailarchive.ietf.org/arch/browse/auth48archive/
>> 
>>   *  Note: If only absolutely necessary, you may temporarily opt out 
>>      of the archiving of messages (e.g., to discuss a sensitive matter).
>>      If needed, please add a note at the top of the message that you 
>>      have dropped the address. When the discussion is concluded, 
>>      auth48archive@rfc-editor.org will be re-added to the CC list and 
>>      its addition will be noted at the top of the message. 
>> 
>> You may submit your changes in one of two ways:
>> 
>> An update to the provided XML file
>> — OR —
>> An explicit list of changes in this format
>> 
>> Section # (or indicate Global)
>> 
>> OLD:
>> old text
>> 
>> NEW:
>> new text
>> 
>> You do not need to reply with both an updated XML file and an explicit 
>> list of changes, as either form is sufficient.
>> 
>> We will ask a stream manager to review and approve any changes that seem
>> beyond editorial in nature, e.g., addition of new text, deletion of text, 
>> and technical changes.  Information about stream managers can be found in 
>> the FAQ.  Editorial changes do not require approval from a stream manager.
>> 
>> 
>> Approving for publication
>> --------------------------
>> 
>> To approve your RFC for publication, please reply to this email stating
>> that you approve this RFC for publication.  Please use ‘REPLY ALL’,
>> as all the parties CCed on this message need to see your approval.
>> 
>> 
>> Files 
>> -----
>> 
>> The files are available here:
>> https://www.rfc-editor.org/authors/rfc9478.xml
>> https://www.rfc-editor.org/authors/rfc9478.html
>> https://www.rfc-editor.org/authors/rfc9478.pdf
>> https://www.rfc-editor.org/authors/rfc9478.txt
>> 
>> Diff file of the text:
>> https://www.rfc-editor.org/authors/rfc9478-diff.html
>> https://www.rfc-editor.org/authors/rfc9478-rfcdiff.html (side by side)
>> 
>> Diff of the XML: 
>> https://www.rfc-editor.org/authors/rfc9478-xmldiff1.html
>> 
>> The following files are provided to facilitate creation of your own 
>> diff files of the XML.  
>> 
>> Initial XMLv3 created using XMLv2 as input:
>> https://www.rfc-editor.org/authors/rfc9478.original.v2v3.xml 
>> 
>> XMLv3 file that is a best effort to capture v3-related format updates 
>> only: 
>> https://www.rfc-editor.org/authors/rfc9478.form.xml
>> 
>> 
>> Tracking progress
>> -----------------
>> 
>> The details of the AUTH48 status of your document are here:
>> https://www.rfc-editor.org/auth48/rfc9478
>> 
>> Please let us know if you have any questions.  
>> 
>> Thank you for your cooperation,
>> 
>> RFC Editor
>> 
>> --------------------------------------
>> RFC9478 (draft-ietf-ipsecme-labeled-ipsec-12)
>> 
>> Title            : Labeled IPsec Traffic Selector support for IKEv2
>> Author(s)        : P. Wouters, S. Prasad
>> WG Chair(s)      : Yoav Nir, Tero Kivinen
>> 
>> Area Director(s) : Roman Danyliw, Paul Wouters
>> 
>> 
>>