Re: [Gen-art] Gen-ART Last Call review of draft-ietf-ipsecme-ikev2-fragmentation-05
Jari Arkko <jari.arkko@piuha.net> Wed, 23 April 2014 15:54 UTC
To: Suresh Krishnan <suresh.krishnan@ericsson.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/gen-art/oWn5IlzutKtei9GZGHp-ajhEkDE
Cc: General Area Review Team <gen-art@ietf.org>, draft-ietf-ipsecme-ikev2-fragmentation.all@tools.ietf.org, Valery Smyslov <svan@elvis.ru>
Suresh:

Thank you very much for the review, and Valery for making the changes. I have placed the no-objection position for this document in tomorrow's IESG telechat.

Jari

On Mar 13, 2014, at 7:48 PM, Suresh Krishnan <suresh.krishnan@ericsson.com> wrote:

> Hi Valery,
> Thanks a lot for quickly addressing my comments. Your proposed resolutions sound good to me.
>
> Cheers
> Suresh
>
> On 03/13/2014 02:03 AM, Valery Smyslov wrote:
>> Hi Suresh,
>> thank you for the review. Please find my answers below.
>>
>> ----- Original Message -----
>> *From:* Suresh Krishnan <mailto:suresh.krishnan@ericsson.com>
>> *To:* draft-ietf-ipsecme-ikev2-fragmentation.all@tools.ietf.org
>> <mailto:draft-ietf-ipsecme-ikev2-fragmentation.all@tools.ietf.org> ;
>> General Area Review Team <mailto:gen-art@ietf.org>
>> *Sent:* Thursday, March 13, 2014 4:50 AM
>> *Subject:* Gen-ART Last Call review of
>> draft-ietf-ipsecme-ikev2-fragmentation-05
>>
>> I am the assigned Gen-ART reviewer for
>> draft-ietf-ipsecme-ikev2-fragmentation-05
>>
>> For background on Gen-ART, please see the FAQ at
>> <http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html>.
>>
>> Please resolve these comments along with any other Last Call
>> comments you may receive.
>>
>> Summary: This draft is almost ready for publication as a Proposed
>> Standard but I have some suggestions that the authors may like to
>> consider.
>>
>> * Retransmission and duplication
>>
>> It is unclear how the receiver of the message deals with lost
>> fragments that are retransmitted. If I understand correctly, the
>> sender only knows that all the fragments did not get to the
>> receiver, and has no knowledge about which fragments were not
>> received. So it ends up retransmitting all the fragments.
>>
>> Right.
>>
>> This means that the receiver needs to do some form of
>> de-duplication. Are the duplicate fragments discarded on the
>> receiver (without verification) or are they blindly written into a
>> reassembly buffer (after verification)? The difference is pretty
>> significant because there is an authentication step involved for each
>> fragment.
>>
>> Duplicated fragments are discarded without verification. It is described
>> in Section 2.6, second bullet:
>>
>>    o Check, that this IKE Fragment Message is new for the receiver and
>>      not a replay. If IKE Fragment message with the same Message ID,
>>      same Fragment Number and same Total Fragments fields was already
>>      received and successfully processed, this message is considered a
>>      replay and MUST be silently discarded.
>>
>> Note, that this check takes place before verifying fragment authenticity
>> (next bullet).
>>
>> If you think this text is unclear, could you please suggest how to
>> improve it?
>>
>> * IPv6 payload length
>>
>> I find this text to be a bit handwavy
>>
>> “For IPv6 this estimation is difficult as there may be varying IPv6
>> Extension headers included.”
>>
>> I think it would be preferable to at least estimate for the case
>> where there are no extension headers. Suggest adding some text like
>> this (Feel free to modify/ignore)
>>
>> NEW:
>>
>> For IPv6 Encrypted Payload content size is less than IP Datagram size
>> by the sum of the following values in the case where there are no
>> extension :
>>
>>    o IPv6 header size (40 bytes)
>>    o UDP header size (8 bytes)
>>    o non-ESP marker size (4 bytes if present)
>>    o IKE Header size (28 bytes)
>>    o Encrypted Payload header size (4 bytes)
>>    o IV size (varying)
>>    o padding and its size (at least 1 byte)
>>    o ICV size (varying)
>>
>> The sum may be estimated as 81..85 bytes + IV + ICV + padding.
>>
>> If extension headers are present, the payload content size is further
>> reduced by the sum of the size of the extension headers. The length of
>> each extension header can be calculated as 8 * (Hdr Ext Len) bytes
>> except for the fragment header which is always 8 bytes in length.
>>
>> Thank you, I'll use it.
>>
>> * Editorial
>>
>> Appendix A:
>>
>> s/forgeg/forged/
>>
>> s/ reassempling/reassembly/
>>
>> Thanks,
>>
>> Valery.
>>
>> Thanks
>>
>> Suresh
>>
>
> _______________________________________________
> Gen-art mailing list
> Gen-art@ietf.org
> https://www.ietf.org/mailman/listinfo/gen-art
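
Added example (not part of the original message, and not code from the draft or its authors): a Python sketch of the receive order described in the quoted Section 2.6 text, with the replay check on Message ID, Fragment Number and Total Fragments done before the authenticity check. The class, the tuple layout and the truncated HMAC-SHA-256 standing in for the SA's integrity algorithm are assumptions made for illustration.

```python
import hashlib
import hmac

ICV_LEN = 16  # assumption: truncated HMAC stands in for the negotiated ICV


class FragmentReceiver:
    """Hypothetical receive path for IKE Fragment Messages on one IKE SA."""

    def __init__(self, key: bytes):
        self.key = key
        self.state = {}         # (message_id, total) -> {fragment_number: data}
        self.verifications = 0  # authenticity checks actually performed

    def _icv(self, msg_id, frag_no, total, data):
        header = b"%d/%d/%d|" % (msg_id, frag_no, total)
        return hmac.new(self.key, header + data, hashlib.sha256).digest()[:ICV_LEN]

    def seal(self, msg_id, frag_no, total, data):
        # Sender side of the sketch: build one constructed fragment tuple.
        return (msg_id, frag_no, total, data, self._icv(msg_id, frag_no, total, data))

    def receive(self, fragment):
        """Return the reassembled message when the last fragment arrives, else None."""
        msg_id, frag_no, total, data, icv = fragment
        if not 1 <= frag_no <= total:
            return None
        # 1. Replay check on header fields only, before any cryptography.
        if frag_no in self.state.get((msg_id, total), {}):
            return None
        # 2. Authenticity check; a failure records nothing, so a forged
        #    fragment cannot occupy the slot of the genuine one.
        self.verifications += 1
        if not hmac.compare_digest(icv, self._icv(msg_id, frag_no, total, data)):
            return None
        # 3. Only verified fragments create or extend reassembly state.
        got = self.state.setdefault((msg_id, total), {})
        got[frag_no] = data
        if len(got) < total:
            return None
        return b"".join(got[n] for n in range(1, total + 1))


def demo():
    rx = FragmentReceiver(b"constructed-key")
    parts = [b"IDi,AUTH,", b"SAi2,", b"TSi,TSr"]          # constructed payload
    frags = [rx.seal(7, n, 3, p) for n, p in enumerate(parts, 1)]
    forged = (7, 3, 3, b"forged", b"\x00" * ICV_LEN)      # bad ICV
    results = [rx.receive(f) for f in (frags[0], frags[1], forged)]
    results += [rx.receive(f) for f in frags]             # full retransmission
    return results, rx.verifications
```

In the demo the retransmitted fragments 1 and 2 are dropped without an integrity check, so six arrivals cost four verifications, and the rejected forgery does not prevent the genuine fragment 3 from completing reassembly.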