Re: [Gen-art] Review: draft-mglt-ipsecme-clone-ike-sa-05.txt
Jari Arkko <jari.arkko@piuha.net> Thu, 03 December 2015 12:18 UTC
Return-Path: <jari.arkko@piuha.net>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 401211B3469; Thu, 3 Dec 2015 04:18:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.39
X-Spam-Level:
X-Spam-Status: No, score=0.39 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MANGLED_SIDE=2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VkkCRJIIwTxF; Thu, 3 Dec 2015 04:18:56 -0800 (PST)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130]) by ietfa.amsl.com (Postfix) with ESMTP id 6C56F1A88CF; Thu, 3 Dec 2015 04:18:55 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id BCFC92CC5D; Thu, 3 Dec 2015 14:18:54 +0200 (EET) (envelope-from jari.arkko@piuha.net)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DrnDCmdBRP65; Thu, 3 Dec 2015 14:18:54 +0200 (EET)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2a00:1d50:2::130]) by p130.piuha.net (Postfix) with ESMTP id D153D2CC5C; Thu, 3 Dec 2015 14:18:53 +0200 (EET) (envelope-from jari.arkko@piuha.net)
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_25742974-06B2-47CF-A2F0-CA4CA53AD612"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.5.1
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <56169759.2000107@joelhalpern.com>
Date: Thu, 03 Dec 2015 14:18:55 +0200
Message-Id: <9655F62E-F7CC-4D87-95F8-93A017ADB045@piuha.net>
References: <560DAE39.2030307@nostrum.com> <560EBE08.9010008@joelhalpern.com> <2DD56D786E600F45AC6BDE7DA4E8A8C11216C693@eusaamb107.ericsson.se> <56169759.2000107@joelhalpern.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/6CjYCMm-y1hB7O8ObVXGn6jrc7Q>
Cc: General Area Review Team <gen-art@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, Valery Smyslov <svanru@gmail.com>, "draft-mglt-ipsecme-clone-ike-sa.all@ietf.org" <draft-mglt-ipsecme-clone-ike-sa.all@ietf.org>
Subject: Re: [Gen-art] Review: draft-mglt-ipsecme-clone-ike-sa-05.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2015 12:18:57 -0000
Joel, thank you very much for uncovering this issue, and thank you Daniel for addressing it. I have balloted no-obj for tonight’s IESG telechat for this document. Jari On 08 Oct 2015, at 19:18, Joel M. Halpern <jmh@joelhalpern.com> wrote: > That would work very well for me. Thank you for addressing my concerns. > Yours, > Joel > > On 10/8/15 10:20 AM, Daniel Migault wrote: >> Hi Joel, >> >> Thank you for taking time to review and comment the draft. >> >> We propose to add the following text to clarify the example in section 2 before the two last paragraphs. The following text expects to clarify the following points: >> - 1) The creation of VPN is a local policy matter >> - 2) Moving one duplicated VPN to different interfaces may involve multiple MOBIKE operations >> - 4) There is no needs to create all possible VPNs ( might be similar to item 1) >> >> The following text has been added to our local copy. If you would like us to publish a new version, feel free to let us know. Our intention is to keep the updates local until you ask us to publish the draft. >> >> BR, >> Daniel and Valery >> >> NEW TEXT -- BEGIN >> Note that it is up to host's local policy which additional VPNs to create and >> when to do it. The process of selecting address pairs for migration is >> a local matter. Furthermore, in the case of multiple interfaces on >> both ends care should be taken to avoid the VPNs to be duplicated by both ends or moved to the both interfaces. >> >> In addition multiple MOBIKE operation may be involved from the >> Security Gateway or the VPN End User. >> Suppose, as depicted in Figure 3 for example that the cloned VPN is >> between Interface _0 and Interface_0', and the VPN End User and the >> Security Gateway wants to move it to Interface_1 and Interface_1'. The >> VPN End User may initiate a MOBIKE exchange in order to move it to >> Interface_1, in which case the cloned VPN is now between Interface_1 >> and Interface_0'. Then the Security Gateway may also initiate a MOBIKE exchange in order to move the VPN to Interface_1' in which case the VPN has reached its final destination. >> NEW TEXT -- END >> >> -----Original Message----- >> From: Joel M. Halpern [mailto:jmh@joelhalpern.com] >> Sent: Friday, October 02, 2015 1:25 PM >> To: A. Jean Mahoney; General Area Review Team; draft-mglt-ipsecme-clone-ike-sa.all@ietf.org >> Subject: [Gen-art] Review: draft-mglt-ipsecme-clone-ike-sa-05.txt >> >> I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. >> >> For more information, please see the FAQ at >> >> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. >> >> Document: draft-mglt-ipsecme-clone-ike-sa-05.txt >> Cloning IKE SA in the Internet Key Exchange Protocol Version 2 (IKEv2) >> >> Reviewer: Joel M. Halpern >> Review Date: 2-Oct-2015 >> IETF LC End Date: 27-Oct-2015 >> IESG Telechat date: N/A >> >> Summary: This document is nearly ready for publication as a Propsoed Standard RFC. >> >> Major issues: >> The introductory material talks about the case where both sides have multiple interfaces. It is not clear what will happen with this mechanism in that case. >> In particular, if I have two systems, with three interfaces, it seems that this will start by creating the S1-D1 Security Association. >> It seems straightforward for each side to create their simple additional assocations (S2-D1, S3-D1, and S1-D2, S1-D3). >> But the introduction suggests that we also want to create S2-D2, S3-D3, S2-D3, and S3-D2. With no other guidance, it appears that both sides will try to create all four of those, creating 8 security associations instead of 4. >> I hope that I have simply missed something in the document that resolves this. >> >> Minor issues: >> >> Nits/editorial comments: >> > > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org > https://www.ietf.org/mailman/listinfo/gen-art
- [Gen-art] A new *batch* of IETF LC reviews - 2015… A. Jean Mahoney
- [Gen-art] Review: draft-mglt-ipsecme-clone-ike-sa… Joel M. Halpern
- Re: [Gen-art] Review: draft-mglt-ipsecme-clone-ik… Daniel Migault
- Re: [Gen-art] Review: draft-mglt-ipsecme-clone-ik… Joel M. Halpern
- Re: [Gen-art] Review: draft-mglt-ipsecme-clone-ik… Jari Arkko