Re: [btns] Minor connection-latch problem in AUTH48

"Laganier, Julien" <julienl@qualcomm.com> Fri, 16 October 2009 22:49 UTC

From: "Laganier, Julien" <julienl@qualcomm.com>
To: Nicolas Williams <Nicolas.Williams@sun.com>
Date: Fri, 16 Oct 2009 15:49:41 -0700
Cc: "btns@ietf.org" <btns@ietf.org>

Nicolas Williams wrote:
> 
> On Fri, Oct 16, 2009 at 02:13:13PM -0700, Laganier, Julien wrote:
> > Nicolas Williams wrote
> > > Perhaps the WG would say that we should REQUIRE that the key manager
> > > initiate IKE/child SAs ahead of any triggering packet as a
> > > simplification of the model (then we don't need a LARVAL state). But I
> > > could certainly see implementors not wanting to do that (for one it
> > > makes the CREATE_CONNECTION_LATCH() call slow).
> >
> > I think this is the external behavior that we want to capture. The
> > specifics of how a given implementation achieves that need not be
> > specified in the RFC as long as the conceptual behavior is clear and
> > guarantees interoperability.
> 
> Let me re-think the text.  Perhaps I'll simply add a note that an
> implementor whose key manager does not immediately initiate IKE/child
> SAs on CREATE_CONNECTION_LATCH() must have a larval state that we don't
> describe.
> 
> Would that work?

Yup - sounds good. (and maybe transient or intermediate is better than larval to describe that state...)

--julien