Re: [Gen-art] Re: [MSEC] Re: gen-art review of draft-ietf-msec-mikey-rsa-r-04.txt
Scott W Brim <swb@employees.org> Wed, 24 May 2006 11:03 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Fir9G-0006Ql-RK; Wed, 24 May 2006 07:03:30 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Fir9F-0006Qg-Rx for gen-art@ietf.org; Wed, 24 May 2006 07:03:29 -0400
Received: from willers.employees.org ([192.83.249.36]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Fir9E-0008LI-IJ for gen-art@ietf.org; Wed, 24 May 2006 07:03:29 -0400
Received: from [10.86.240.82] (bxb-natpool-121.cisco.com [12.159.148.121]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by willers.employees.org (Postfix) with ESMTP id 85C235CC69; Wed, 24 May 2006 04:03:22 -0700 (PDT)
Message-ID: <44743D79.7000805@employees.org>
Date: Wed, 24 May 2006 07:03:21 -0400
From: Scott W Brim <swb@employees.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060308 Thunderbird/1.5.0.2 Mnenhy/0.7.4.0
MIME-Version: 1.0
To: Lakshminath Dondeti <ldondeti@qualcomm.com>
Subject: Re: [Gen-art] Re: [MSEC] Re: gen-art review of draft-ietf-msec-mikey-rsa-r-04.txt
References: <20060518205223.GA4520@sbrim-wxp01> <6.2.5.6.2.20060520184839.054f3a00@qualcomm.com> <6.2.5.6.2.20060523161936.05e9bd30@qualcomm.com>
In-Reply-To: <6.2.5.6.2.20060523161936.05e9bd30@qualcomm.com>
X-Enigmail-Version: 0.94.0.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0
Cc: audet@nortel.com, canetti@watson.ibm.com, housley@vigilsec.com, msec@securemulticast.org, dignjatic@polycom.com, linping@nortel.com, hartmans-ietf@mit.edu, gen-art@ietf.org
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Errors-To: gen-art-bounces@ietf.org
On 05/23/2006 19:20 PM, Lakshminath Dondeti allegedly wrote: > Hi Scott, > > We have received all the reviews and are now ready to update the > document, once you give the go ahead that the proposed resolutions are > ok. Please let us know at your earliest convenience. Thanks. Sorry, I was shuffling between email accounts and misplaced your mail! I'm happy with all your suggestions except as noted below (all positive). > At 07:11 PM 5/20/2006, Lakshminath Dondeti wrote: >>> From: Scott W Brim [mailto:sbrim@cisco.com] >>> Here is a related SHOULD issue: >>> >>> o If a RAND payload is present in the I_MESSAGE, both sides use >>> that RAND payload as the RAND value in the MIKEY key >>> computation. In case of multicast, if a RAND payload is present >>> in the I_MESSAGE, the Responder SHOULD ignore the payload. In >>> any case, the R_MESSAGE for multicast communication MUST contain >>> a RAND payload and that RAND payload is used for key >>> computation. >>> >>> So the sender should omit the RAND payload in the multicast case >>> stated above), and if sent, the receiver SHOULD ignore it. Under what >>> conditions is it appropriate for the receiver NOT to ignore it? >>> Should this be a MUST? >> >> The responder (group sender or controller) may choose to use the RAND >> payload to seed it's random number generator, but I don't want to >> suggest that in the draft, as that is merely a technique not central >> to the operation of the protocol. I am ok with MUST ignore it. Even >> with that end systems may choose to use the RAND information, but that >> does not impact externally observable behavior. So there is no reason to disallow it. It sounds to me like you want a MAY ignore. >>> ... and then two more, unrelated: >>> >>> The Initiator MAY also send security policy (SP) payload(s) >>> containing all the security policies that it supports. If the >>> Responder does not support any of the policies included, it SHOULD >>> reply with an Error message of type "Invalid SPpar" (Error no. 10). >> >> 5.1 and 5.1.2 of RFC 3830 suggest SHOULD and we are continuing that >> here. I guess the intention is to allow silent discarding. Other >> signaling (SIP for instance) could indicate that the security context >> establishment did not succeed. We want to allow that. Thoughts? >> >>> Under what conditions would the Responder not reply with that error >>> message? Is this a MAY? Perhaps you could say something like: SHOULD reply with an error message ... for fast resolution of the state, but a response is not required for the protocol to work, and is not needed if it is known that another protocol such as SIP will indicate that the security context establishment did not succeed. Thanks much ... Scott _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] gen-art review of draft-ietf-msec-mikey… Scott W Brim
- [Gen-art] Re: gen-art review of draft-ietf-msec-m… Lakshminath Dondeti
- [Gen-art] Re: [MSEC] Re: gen-art review of draft-… Lakshminath Dondeti
- Re: [Gen-art] Re: [MSEC] Re: gen-art review of dr… Scott W Brim