IETF Logo Mail Archive

Re: [Gen-art] Gen-ART Last Call review of draft-ietf-ipsecme-ikev2-fragmentation-05

Jari Arkko <jari.arkko@piuha.net> Wed, 23 April 2014 15:54 UTC

Return-Path: <jari.arkko@piuha.net>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A5F71A02C6 for <gen-art@ietfa.amsl.com>; Wed, 23 Apr 2014 08:54:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.172
X-Spam-Level:
X-Spam-Status: No, score=-1.172 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_SUMOF=1, RP_MATCHES_RCVD=-0.272] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3mziEmM8O84I for <gen-art@ietfa.amsl.com>; Wed, 23 Apr 2014 08:54:33 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130]) by ietfa.amsl.com (Postfix) with ESMTP id 878BD1A0365 for <gen-art@ietf.org>; Wed, 23 Apr 2014 08:54:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 13D262CD0E; Wed, 23 Apr 2014 18:54:25 +0300 (EEST)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ixDSP-GUc67V; Wed, 23 Apr 2014 18:54:23 +0300 (EEST)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2a00:1d50:2::130]) by p130.piuha.net (Postfix) with ESMTP id EBB122CC48; Wed, 23 Apr 2014 18:54:21 +0300 (EEST)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <532235BA.3030006@ericsson.com>
Date: Wed, 23 Apr 2014 12:54:22 -0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <7D51D4B3-07A2-41C4-8A13-67D10921499C@piuha.net>
References: <E87B771635882B4BA20096B589152EF62862687F@eusaamb107.ericsson.se> <C10F3E57F0DA43CFA8B3A95FC0A780A1@buildpc> <532235BA.3030006@ericsson.com>
To: Suresh Krishnan <suresh.krishnan@ericsson.com>
X-Mailer: Apple Mail (2.1510)
Archived-At: http://mailarchive.ietf.org/arch/msg/gen-art/oWn5IlzutKtei9GZGHp-ajhEkDE
Cc: General Area Review Team <gen-art@ietf.org>, draft-ietf-ipsecme-ikev2-fragmentation.all@tools.ietf.org, Valery Smyslov <svan@elvis.ru>
Subject: Re: [Gen-art] Gen-ART Last Call review of draft-ietf-ipsecme-ikev2-fragmentation-05
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Apr 2014 15:54:34 -0000

Suresh: Thank you very much for the review, and Valery for making the changes. I have placed the no-objection position for this document in tomorrow's IESG telechat.

Jari

On Mar 13, 2014, at 7:48 PM, Suresh Krishnan <suresh.krishnan@ericsson.com> wrote:

> Hi Valery,
>  Thanks a lot for quickly addressing my comments. Your proposed resolutions sound good to me.
> 
> Cheers
> Suresh
> 
> On 03/13/2014 02:03 AM, Valery Smyslov wrote:
>> Hi Suresh,
>> thank you for the review. Please find my answers below.
>> 
>>    ----- Original Message -----
>>    *From:* Suresh Krishnan <mailto:suresh.krishnan@ericsson.com>
>>    *To:* draft-ietf-ipsecme-ikev2-fragmentation.all@tools.ietf.org
>>    <mailto:draft-ietf-ipsecme-ikev2-fragmentation.all@tools.ietf.org> ;
>>    General Area Review Team <mailto:gen-art@ietf.org>
>>    *Sent:* Thursday, March 13, 2014 4:50 AM
>>    *Subject:* Gen-ART Last Call review of
>>    draft-ietf-ipsecme-ikev2-fragmentation-05
>> 
>>    I am the assigned Gen-ART reviewer for
>>    draft-ietf-ipsecme-ikev2-fragmentation-05
>> 
>>    For background on Gen-ART, please see the FAQ at
>>    <http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html>.
>> 
>>    Please resolve these comments along with any other Last Call
>>    comments you may receive.
>> 
>>    Summary: This draft is almost ready for publication as a Proposed
>>    Standard but I have some suggestions that the authors may like to
>>    consider.
>> 
>>    * Retransmission and duplication
>> 
>>    It is unclear how the receiver of the message deals with lost
>>    fragments that are retransmitted. If I understand correctly, the
>>    sender only knows that all the fragments did not get to the
>>    receiver, and has no knowledge about which fragments were not
>>    received. So it ends up retransmitting all the fragments.
>> 
>> Right.
>> 
>>    This means that the receiver needs to do some form of
>>    de-duplication. Are the duplicate fragments discarded on the
>>    receiver (without verification) or are they blindly written into a
>>    reassembly buffer (after verification)? The difference is pretty
>>    significant because there is a authentication step involved for each
>>    fragment.
>> 
>> Duplicated fragments are discarded without verification. It is described
>> in Section 2.6, second bullet:
>> 
>>    o  Check, that this IKE Fragment Message is new for the receiver and
>>       not a replay.  If IKE Fragment message with the same Message ID,
>>       same Fragment Number and same Total Fragments fields was already
>>       received and successfully processed, this message is considered a
>>       replay and MUST be silently discarded.
>> 
>> Note, that this check takes place before verifying fragment authenticity
>> (next bullet).
>> 
>> If you think this text is unclear, could you please suggest how to
>> improve it?
>> 
>>    * IPv6 payload length
>> 
>>    I find this text to be a bit handwavy
>> 
>>    “   For IPv6 this estimation is difficult as there may be varying IPv6
>> 
>>        Extension headers included.”
>> 
>>    I think it would be preferable to at least estimate for the case
>>    where there are no extension headers. Suggest adding some text like
>>    this (Feel free to modify/ignore)
>> 
>>    NEW:
>> 
>>        For IPv6 Encrypted Payload content size is less than IP Datagram
>>    size
>> 
>>        by the sum of the following values in the case where there are no
>> 
>>        extension :
>> 
>>        o  IPv6 header size (40 bytes)
>> 
>>        o  UDP header size (8 bytes)
>> 
>>        o  non-ESP marker size (4 bytes if present)
>> 
>>        o  IKE Header size (28 bytes)
>> 
>>        o  Encrypted Payload header size (4 bytes)
>> 
>>        o  IV size (varying)
>> 
>>        o  padding and its size (at least 1 byte)
>> 
>>        o  ICV size (varying)
>> 
>>        The sum may be estimated as 81..85 bytes + IV + ICV + padding.
>> 
>>        If extension headers are present, the payload content size is
>>    further
>> 
>>        reduced by the sum of the size of the extension headers. The
>>    length of
>> 
>>        each extension header can be calculated as 8 * (Hdr Ext Len) bytes
>> 
>>        except for the fragment header which is always 8 bytes in length.
>> 
>> Thank you, I'll use it.
>> 
>>    * Editorial
>> 
>>    Appendix A:
>> 
>>    s/forgeg/forged/
>> 
>>    s/ reassempling/reassembly/
>> 
>> Thanks,
>> 
>> Valery.
>> 
>>    Thanks
>> 
>>    Suresh
>> 
> 
> _______________________________________________
> Gen-art mailing list
> Gen-art@ietf.org
> https://www.ietf.org/mailman/listinfo/gen-art

v2.23.0 | Report a Bug | By Email