Re: [auth48] AUTH48: RFC-to-be 9333 <draft-ietf-lwig-minimal-esp-12> for your review
rfc-editor@rfc-editor.org Fri, 04 November 2022 18:47 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11265C1526E9; Fri, 4 Nov 2022 11:47:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.961
X-Spam-Level:
X-Spam-Status: No, score=-2.961 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, CTE_8BIT_MISMATCH=0.998, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LB-dHhz37knV; Fri, 4 Nov 2022 11:47:22 -0700 (PDT)
Received: from rfcpa.amsl.com (rfc-editor.org [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5BC3C1524BB; Fri, 4 Nov 2022 11:47:22 -0700 (PDT)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id CC2B755F68; Fri, 4 Nov 2022 11:47:22 -0700 (PDT)
To: daniel.migault@ericsson.com, guggemos@mnm-team.org
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, lwig-ads@ietf.org, lwig-chairs@ietf.org, mohit.m.sethi@ericsson.com, ek.ietf@gmail.com, auth48archive@rfc-editor.org
Content-type: text/plain; charset="UTF-8"
Message-Id: <20221104184722.CC2B755F68@rfcpa.amsl.com>
Date: Fri, 04 Nov 2022 11:47:22 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/fC6GX3hbnhtNNSIcgj_mJm8N6Oo>
Subject: Re: [auth48] AUTH48: RFC-to-be 9333 <draft-ietf-lwig-minimal-esp-12> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Nov 2022 18:47:27 -0000
Authors, While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file. 1) <!-- [rfced] Please insert any keywords (beyond those that appear in the title) for use on https://www.rfc-editor.org/search. --> 2) <!-- [rfced] Are the bits needed in the titles of Sections 3, 4, and 6? Current: 3. Security Parameter Index (SPI) (32 Bits) 3.1. Considerations over SPI Generation 4. Sequence Number (SN) (32 Bits) 5. Padding 6. Next Header (8 Bits) and Dummy Packets 7. ICV Perhaps: 3. Security Parameters Index (SPI) 3.1. Considerations over SPI Generation 4. Sequence Number (SN) 5. Padding 6. Next Header and Dummy Packets 7. ICV --> 3) <!-- [rfced] Please review "with [EHC-DIET-ESP] or [EHC-IKEv2]". Should this text be updated in one of the following ways for clarity? Current: With the adoption of IPsec by Internet of Things (IoT) devices with minimal IKEv2 [RFC7815] and ESP Header Compression (EHC) with [EHC-DIET-ESP] or [EHC-IKEv2], these ESP implementations MUST remain interoperable with standard ESP implementations. Perhaps: With the adoption of IPsec by Internet of Things (IoT) devices with minimal IKEv2 [RFC7815] and ESP Header Compression (EHC) [EHC-DIET-ESP] [EHC-IKEv2], these ESP implementations MUST remain interoperable with standard ESP implementations. Or: With the adoption of IPsec by Internet of Things (IoT) devices with minimal IKEv2 [RFC7815] and ESP Header Compression (EHC) with Diet-ESP [EHC-DIET-ESP] or Internet Key Exchange version 2 (IKEv2) [EHC-IKEv2], these ESP implementations MUST remain interoperable with standard ESP implementations. --> 4) <!-- [rfced] How may we clarify "also require to use the" here? Original: Nodes supporting multicast communications also require to use the IP addresses and thus SA lookup need to be performed using the longest match. Perhaps: Nodes supporting multicast communications are also required to use IP addresses; thus, SA lookup needs to be performed using the longest match. Or: Nodes supporting multicast communications also require the use of IP addresses; thus, SA lookup needs to be performed using the longest match. --> 5) <!-- [rfced] We are having trouble understanding how the text after the dash relates to the rest of the sentence. Please clarify. Original: In addition, some of these constrained devices are also likely to have a limited number of SAs - likely to be indexed over 3 bytes only for example. Perhaps: In addition, some of these constrained devices are likely to have a limited number of SAs; for example, they are likely to only be indexed over 3 bytes. --> 6) <!-- [rfced] What does "It" refer to in the second sentence below? Should this read "they" or perhaps the two sentences could be combined? Original: Some specific values or subset of SPI values could reveal the models or manufacturer of the node implementing ESP. It could also reveal some state such as "not yet rekeyed" or "rekeyed 10 times". Perhaps: Some specific values or subsets of SPI values could reveal the model or manufacturer of the node implementing ESP or reveal a state such as "not yet rekeyed" or "rekeyed 10 times". --> 7) <!-- [rfced] Please review "a very limited". Is a word missing here? Original: If a constrained host uses a very limited or even just one application, the SPI itself could indicate what kind of traffic (eg the kind of application typically running) is transmitted. --> 8) <!-- [rfced] Is "correlated by" correct, or should this read "correlated with"? Also, are both instances of "further" needed here? Original: This could be further correlated by encrypted data size to further leak information to an observer on the network. Perhaps: This could also be correlated with encrypted data size to further leak information to an observer on the network. --> 9) <!-- [rfced] FYI - We updated "its" to "their" as the antecedent seems to be the plural "sensors". Also, we updated "may not" to "do not". Original: Typically temperature sensors, wind sensors, used outdoors may not leak privacy sensitive information and most of its traffic is expected to be outbound traffic. Updated: Typically, temperature and wind sensors that are used outdoors do not leak privacy-sensitive information, and most of their traffic is expected to be outbound traffic. --> 10) <!-- [rfced] We had trouble parsing this sentence. Please let us know how we may update for clarity. Original: The RECOMMENDED way for multipurpose ESP implementation is to increment a counter for each packet sent. Perhaps: It is RECOMMENDED that multipurpose ESP implementations increment a counter for each packet sent. --> 11) <!-- [rfced] Please clarify "requires to store any information" here. Original: This requires to store any information in a stable storage - such as flash memory - that can be restored across sleeps. Perhaps: This requires devices to store any information in stable storage that can be restored across sleeps (e.g., flash memory). Or: This requires any information to be stored in stable storage that can be restored across sleeps (e.g., flash memory). --> 12) <!-- [rfced] Is "property" the correct word choice here? Or would "ability" or something else be better? Original: The size of the window should depend on the property of the network to deliver packets out of order. --> 13) <!-- [rfced] Will "is too much in the past" be clear to readers? Original: Typically, when the sending peer is using SN based on time, anti-replay may be implemented by discarding any packets that present a SN whose value is too much in the past. --> 14) <!-- [rfced] Will readers know what "It" refers to here? Original: It could accept any SN as long as it is higher than the previously received SN. --> 15) <!-- [rfced] Please confirm that the pointer to "Section 10" is correct here. We ask because we do not see "rekey" in Section 10. Original: Even for constrained devices, it is RECOMMENDED to implement some rekey mechanisms (see Section 10). --> 16) <!-- [rfced] Should "Data Payload" read "Payload Data" here to match the field name in Figure 1? Original: This would typically be the case when the Data Payload is of fixed size. --> 17) <!-- [rfced] Please review "some application use". Should this read "some applications"? Or is another meaning intended? Original: In addition, some application use - such as health applications - could leak important privacy oriented information. Perhaps: In addition, some applications (such as health applications) could leak important privacy oriented information. --> 18) <!-- [rfced] Please review "authenticated encryption (AEAD)". Should the complete expansion, i.e., "Authenticated Encryption with Associated Data (AEAD)", be used? Original: ESP can be used to authenticate only (ENCR_NULL) or to encrypt the communication. In the latter case, authenticated encryption (AEAD) is RECOMMENDED [RFC8221]. Perhaps: ESP can be used to authenticate only (ENCR_NULL) or to encrypt the communication. In the latter case, Authenticated Encryption with Associated Data (AEAD) is RECOMMENDED [RFC8221]. --> 19) <!-- [rfced] Will it be clear to readers how the text after the dash relates to the rest of the sentence? Also, is a unit of measure needed with "2" (maybe "bits")? Original: 4. Avoid Padding by sending payload data which are aligned to the cipher block length - 2 for the ESP trailer. --> 20) <!-- [rfced] FYI, we have used the <sup> element for superscript in this document. You can see how it looks in the last paragraph of Section 4. Note: In the HTML and PDF, it appears as superscript. In the text output, <sup> generates a^b. --> 21) <!-- [rfced] Terminology a) "Next Header" is capitalized in the document except in two instances of "no next header". Should this read either "no Next Header" or "No Next Header" or "no Next Header"? Or is the current okay as is? b) FYI - We updated "Security Parameter Index" to read "Security Parameters Index" per RFC 4303. c) We note inconsistencies in the terms below throughout the text. Should these be uniform? If so, please let us know which form is preferred. minimal IKEv2 vs. Minimal IKEv2 minimal ESP vs. Minimal ESP rekey mechanism vs. rekeying mechanism --> 22) <!-- [rfced] Please review the "Inclusive Language" portion of the online Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> and let us know if any changes are needed. For example, please consider whether the following should be updated: dummy --> 23) <!-- [rfced] Some author comments are present in the XML. Please confirm that no updates related to these comments are outstanding. Note that the comments will be deleted prior to publication. --> Thank you. RFC Editor/st/rv On Nov 4, 2022, at 11:43 AM, rfc-editor@rfc-editor.org wrote: *****IMPORTANT***** Updated 2022/11/04 RFC Author(s): -------------- Instructions for Completing AUTH48 Your document has now entered AUTH48. Once it has been reviewed and approved by you and all coauthors, it will be published as an RFC. If an author is no longer available, there are several remedies available as listed in the FAQ (https://www.rfc-editor.org/faq/). You and you coauthors are responsible for engaging other parties (e.g., Contributors or Working Group) as necessary before providing your approval. Planning your review --------------------- Please review the following aspects of your document: * RFC Editor questions Please review and resolve any questions raised by the RFC Editor that have been included in the XML file as comments marked as follows: <!-- [rfced] ... --> These questions will also be sent in a subsequent email. * Changes submitted by coauthors Please ensure that you review any changes submitted by your coauthors. We assume that if you do not speak up that you agree to changes submitted by your coauthors. * Content Please review the full content of the document, as this cannot change once the RFC is published. Please pay particular attention to: - IANA considerations updates (if applicable) - contact information - references * Copyright notices and legends Please review the copyright notice and legends as defined in RFC 5378 and the Trust Legal Provisions (TLP – https://trustee.ietf.org/license-info/). * Semantic markup Please review the markup in the XML file to ensure that elements of content are correctly tagged. For example, ensure that <sourcecode> and <artwork> are set correctly. See details at <https://authors.ietf.org/rfcxml-vocabulary>. * Formatted output Please review the PDF, HTML, and TXT files to ensure that the formatted output, as generated from the markup in the XML file, is reasonable. Please note that the TXT will have formatting limitations compared to the PDF and HTML. Submitting changes ------------------ To submit changes, please reply to this email using ‘REPLY ALL’ as all the parties CCed on this message need to see your changes. The parties include: * your coauthors * rfc-editor@rfc-editor.org (the RPC team) * other document participants, depending on the stream (e.g., IETF Stream participants are your working group chairs, the responsible ADs, and the document shepherd). * auth48archive@rfc-editor.org, which is a new archival mailing list to preserve AUTH48 conversations; it is not an active discussion list: * More info: https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc * The archive itself: https://mailarchive.ietf.org/arch/browse/auth48archive/ * Note: If only absolutely necessary, you may temporarily opt out of the archiving of messages (e.g., to discuss a sensitive matter). If needed, please add a note at the top of the message that you have dropped the address. When the discussion is concluded, auth48archive@rfc-editor.org will be re-added to the CC list and its addition will be noted at the top of the message. You may submit your changes in one of two ways: An update to the provided XML file — OR — An explicit list of changes in this format Section # (or indicate Global) OLD: old text NEW: new text You do not need to reply with both an updated XML file and an explicit list of changes, as either form is sufficient. We will ask a stream manager to review and approve any changes that seem beyond editorial in nature, e.g., addition of new text, deletion of text, and technical changes. Information about stream managers can be found in the FAQ. Editorial changes do not require approval from a stream manager. Approving for publication -------------------------- To approve your RFC for publication, please reply to this email stating that you approve this RFC for publication. Please use ‘REPLY ALL’, as all the parties CCed on this message need to see your approval. Files ----- The files are available here: https://www.rfc-editor.org/authors/rfc9333.xml https://www.rfc-editor.org/authors/rfc9333.html https://www.rfc-editor.org/authors/rfc9333.pdf https://www.rfc-editor.org/authors/rfc9333.txt Diff file of the text: https://www.rfc-editor.org/authors/rfc9333-diff.html https://www.rfc-editor.org/authors/rfc9333-rfcdiff.html (side by side) Alt-diff of the text (allows you to more easily view changes where text has been deleted or moved): https://www.rfc-editor.org/authors/rfc9333-alt-diff.html Diff of the XML: https://www.rfc-editor.org/authors/rfc9333-xmldiff1.html The following files are provided to facilitate creation of your own diff files of the XML. Initial XMLv3 created using XMLv2 as input: https://www.rfc-editor.org/authors/rfc9333.original.v2v3.xml XMLv3 file that is a best effort to capture v3-related format updates only: https://www.rfc-editor.org/authors/rfc9333.form.xml Tracking progress ----------------- The details of the AUTH48 status of your document are here: https://www.rfc-editor.org/auth48/rfc9333 Please let us know if you have any questions. Thank you for your cooperation, RFC Editor -------------------------------------- RFC9333 (draft-ietf-lwig-minimal-esp-12) Title : Minimal IP Encapsulating Security Payload (ESP) Author(s) : D. Migault, T. Guggemos WG Chair(s) : Zhen Cao, Mohit Sethi Area Director(s) : Erik Kline, Éric Vyncke
- [auth48] AUTH48: RFC-to-be 9333 <draft-ietf-lwig-… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9333 <draft-ietf-l… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9333 <draft-ietf-l… Daniel Migault
- Re: [auth48] AUTH48: RFC-to-be 9333 <draft-ietf-l… Rebecca VanRheenen
- Re: [auth48] AUTH48: RFC-to-be 9333 <draft-ietf-l… Rebecca VanRheenen
- Re: [auth48] AUTH48: RFC-to-be 9333 <draft-ietf-l… Daniel Migault
- Re: [auth48] AUTH48: RFC-to-be 9333 <draft-ietf-l… Rebecca VanRheenen
- Re: [auth48] AUTH48: RFC-to-be 9333 <draft-ietf-l… Daniel Migault
- Re: [auth48] AUTH48: RFC-to-be 9333 <draft-ietf-l… Rebecca VanRheenen
- Re: [auth48] AUTH48: RFC-to-be 9333 <draft-ietf-l… Daniel Migault
- [auth48] [AD] Re: AUTH48: RFC-to-be 9333 <draft-i… Rebecca VanRheenen
- Re: [auth48] [AD] Re: AUTH48: RFC-to-be 9333 <dra… Daniel Migault
- Re: [auth48] [AD] AUTH48: RFC-to-be 9333 <draft-i… Rebecca VanRheenen
- Re: [auth48] [AD] AUTH48: RFC-to-be 9333 <draft-i… Rebecca VanRheenen
- Re: [auth48] [AD] AUTH48: RFC-to-be 9333 <draft-i… Erik Kline
- Re: [auth48] [AD] AUTH48: RFC-to-be 9333 <draft-i… Daniel Migault
- Re: [auth48] [AD] AUTH48: RFC-to-be 9333 <draft-i… Rebecca VanRheenen
- Re: [auth48] [AD] AUTH48: RFC-to-be 9333 <draft-i… Daniel Migault
- Re: [auth48] [AD] AUTH48: RFC-to-be 9333 <draft-i… Rebecca VanRheenen
- Re: [auth48] [AD] AUTH48: RFC-to-be 9333 <draft-i… Erik Kline
- Re: [auth48] [AD] AUTH48: RFC-to-be 9333 <draft-i… Rebecca VanRheenen
- Re: [auth48] [AD] AUTH48: RFC-to-be 9333 <draft-i… Erik Kline
- Re: [auth48] [AD] AUTH48: RFC-to-be 9333 <draft-i… Rebecca VanRheenen
- Re: [auth48] [AD] AUTH48: RFC-to-be 9333 <draft-i… Daniel Migault