Re: [Gen-art] Gen-art last call review of draft-ietf-msec-gdoi-update-09

Elwyn Davies <elwynd@dial.pipex.com> Mon, 01 August 2011 16:39 UTC

From: Elwyn Davies <elwynd@dial.pipex.com>
To: Brian Weis <bew@cisco.com>
In-Reply-To: <5946695D-5E7B-4710-B341-82A6E4516277@cisco.com>
References: <1311113413.26821.25144.camel@mightyatom.folly.org.uk> <5946695D-5E7B-4710-B341-82A6E4516277@cisco.com>
Date: Mon, 01 Aug 2011 17:44:39 +0100
Message-Id: <1312217079.26821.58360.camel@mightyatom.folly.org.uk>
Cc: draft-ietf-msec-gdoi-update.all@tools.ietf.org, General Area Review Team <gen-art@ietf.org>
Subject: Re: [Gen-art] Gen-art last call review of draft-ietf-msec-gdoi-update-09

On Fri, 2011-07-29 at 08:40 -0700, Brian Weis wrote:
> Hi Elwyn,
> 
> Thanks much for your detailed review. We'll handle your minor issues ASAP, but this email will address the major issue below.
> 
> On Jul 19, 2011, at 3:10 PM, Elwyn Davies wrote:
> 
> > I am the assigned Gen-ART reviewer for this draft. For background on 
> > Gen-ART, please see the FAQ at 
> > <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
> > 
> > Please resolve these comments along with any other Last Call comments 
> > you may receive.
> > 
> > Document: draft-ietf-msec-gdoi-update-09.txt
> > Reviewer: Elwyn Davies
> > Review Date: 19 July 2011
> > IETF LC End Date: 19 July 2011
> > IESG Telechat date: (if known) -
> > 
> > Summary:
> > Not ready.
> > 
> > Major issues:
> > One has to ask: Why is an updated protocol being based on ISAKMP/RFC
> > 2408 with references to RFC 2407 and RFC 2409 when all these are now
> > obsolete?
> 
> This is a reasonable question to ask. The rationale stated by the document shepherd addresses this question:
> 
> "Among the normative references are 3 documents that have been obsoleted by the IPsec-v3 RFCs (RFC 4301, etc.). These RFCs were made obsolete by the publication of IKEv2, without regard for the fact that although IKEv1 was directly obsoleted by IKEv2, other RFCs relying on those protocol definitions were not directly obsoleted by the publishing of IKEv2. WG chairs believe that updating GDOI as defined in RFC 3547 (and thus continuing to rely on these references) is necessary for interoperability."
> 
> Some additional thoughts:
> - There are multiple implementations of the GDOI specification. Inconsistencies have been noted in the standard that should be resolved to ensure their interoperability. As a related matter, some of the IANA definitions need to be clarified.
> - GDOI was published quite early in MSEC's history. Since that time the working group published documents describing how group key management systems should interact with IPsec, and also describing how to deal with cipher counter modes. The update document brings GDOI into conformance with those later published documents.
> - Because RFC 3547 was published so long ago, the required ciphers need updating to match current cryptographic guidance.
> 
> Thanks,
> Brian 

Hi, Brian.

Clearly the WG thought this was the appropriate way forwards.  If Sean
and the IESG are willing to accept this as well, then I don't have a
problem with this.  However, I think that incorporating something like
this justification either as a note after the abstract or into Section 1
would be helpful.

Regards,
Elwyn