Re: [Gen-art] [IPsec] Genart last call review of draft-ietf-ipsecme-qr-ikev2-09

"Valery Smyslov" <smyslov.ietf@gmail.com> Mon, 16 December 2019 12:38 UTC

From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Christer Holmberg' <christer.holmberg@ericsson.com>, gen-art@ietf.org
Cc: ipsec@ietf.org, last-call@ietf.org, draft-ietf-ipsecme-qr-ikev2.all@ietf.org
References: <157626827886.12929.4367951047776204825@ietfa.amsl.com>
In-Reply-To: <157626827886.12929.4367951047776204825@ietfa.amsl.com>
Date: Mon, 16 Dec 2019 15:38:30 +0300
Message-ID: <003701d5b40d$b9eeff00$2dccfd00$@gmail.com>

Hi Christer,

thank you for your review. Please see inline.

> Reviewer: Christer Holmberg
> Review result: Almost Ready
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
> 
> For more information, please see the FAQ at
> 
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> 
> Document: draft-ietf-ipsecme-qr-ikev2-09
> Reviewer: Christer Holmberg
> Review Date: 2019-12-13
> IETF LC End Date: 2019-12-25
> IESG Telechat date: Not scheduled for a telechat
> 
> Summary: The document is well-written, and almost ready for publication.
> However, I have a couple of minor comments that I would like the authors to
> address.
> 
> Major issues: None
> 
> Minor issues:
> 
> Q1:
> 
> The Security Considerations lists IKEv2/IPSec algorithms that are not
> considered quantum-resistant. However, that is not mentioned anywhere else. I
> think it would be good to mention that in the Abstract and/or Introduction.

Introduction already contains the following text:

   If the preshared key has
   sufficient entropy and the PRF, encryption and authentication
   transforms are quantum-secure, then the resulting system is believed
   to be quantum resistant, that is, invulnerable to an attacker with a
   quantum computer.

We think that it is out of scope of this document to classify existing
algorithms on the grounds of whether they are quantum secure or not;
the Security Considerations section lists only the most obvious cases.

> Q2:
> 
> Section 3 says:
> 
>    "If the responder does not support this specification or does not have
>    any PPK configured, then it ignores the received notification and
>    continues with the IKEv2 protocol as normal."
> 
> I assume the ignoring of a non-supported notification and continuing with
> normal IKEv2 is part of the IKEv2 specification. If so, I suggest adding
> something like:
> 
> ", as described in RFCXXXX."

OK.

> Nits/editorial comments:
> 
> Q3:
> 
> The Security Considerations talk about Grover's algorithm. Please add a
> reference.

Added.

Thank you,
Valery Smyslov.

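As an added illustration of the IKEv2 rule Christer asks the draft to cite (RFC 7296, Section 3.10.1: unrecognized status notifications, and unrecognized error notifications in a request, are ignored) applied to the PPK negotiation, here is a small Python model of a responder walking the Notify payloads of an IKE_SA_INIT and deciding whether to continue with PPK or with plain IKEv2. This is not code from the draft or from any implementation; the USE_PPK type value (the one later registered by RFC 8784), the helper names and the constructed inputs are assumptions.

```python
import struct

# Notify Message Type values. USE_PPK is the value RFC 8784 registered for
# this draft's notification; it is an assumption here, check the IANA registry.
USE_PPK = 16435
ERROR_TYPE_MAX = 16383        # RFC 7296 s.3.10.1: 0..16383 are error types
KNOWN_ERRORS = {7, 14, 17}    # INVALID_SYNTAX, NO_PROPOSAL_CHOSEN, INVALID_KE_PAYLOAD
NOTIFY_PAYLOAD = 41           # "next payload" code for a Notify payload


def parse_notify(buf):
    """Parse one Notify payload (RFC 7296 s.3.10); return (type, data, remaining)."""
    # Generic payload header: next payload, critical/reserved bits, total length.
    _next, _flags, length = struct.unpack("!BBH", buf[:4])
    _proto, spi_size, ntype = struct.unpack("!BBH", buf[4:8])
    data = buf[8 + spi_size:length]       # skip the SPI (empty for IKE notifies)
    return ntype, data, buf[length:]


def notifies(buf):
    """Walk a run of back-to-back Notify payloads by their length fields."""
    out = []
    while buf:
        ntype, data, buf = parse_notify(buf)
        out.append((ntype, data))
    return out


def responder_decision(payload_bytes, supports_ppk, ppk_configured, in_request=True):
    """Model the responder: 'ppk', 'normal' (ignore PPK notification), or 'fail'."""
    use_ppk = False
    for ntype, _data in notifies(payload_bytes):
        if ntype <= ERROR_TYPE_MAX:
            if ntype not in KNOWN_ERRORS and not in_request:
                return "fail"   # unrecognized error in a response: request failed
            continue            # unrecognized error in a request: ignore (and log)
        if ntype == USE_PPK:
            # The draft's rule: no support or no PPK configured -> plain IKEv2.
            use_ppk = supports_ppk and ppk_configured
        # Any other status type, recognized or not, is ignored.
    return "ppk" if use_ppk else "normal"


def build_notify(ntype, data=b"", last=True):
    """Constructed test input: Notify for the IKE SA (protocol 0, no SPI)."""
    body = struct.pack("!BBH", 0, 0, ntype) + data
    nxt = 0 if last else NOTIFY_PAYLOAD
    return struct.pack("!BBH", nxt, 0, 4 + len(body)) + body
```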