IETF Logo Mail Archive

Re: [Hipsec] Need to close all draft-ietf-hip-dex-21 pending issues... before 2021-Jan-13...

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 12 January 2021 11:19 UTC

Return-Path: <evyncke@cisco.com>
X-Original-To: hipsec@ietfa.amsl.com
Delivered-To: hipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F8283A111A; Tue, 12 Jan 2021 03:19:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.618
X-Spam-Level:
X-Spam-Status: No, score=-9.618 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=lcAnlk0V; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=dI27iGH2
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qlVStq6U36-N; Tue, 12 Jan 2021 03:19:27 -0800 (PST)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 415CA3A1116; Tue, 12 Jan 2021 03:19:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=15983; q=dns/txt; s=iport; t=1610450367; x=1611659967; h=from:to:cc:subject:date:message-id:mime-version; bh=zYgZZZ4QK4IJKHEqXoI4Si7fSQH2Q/UArCQwRfjrCxg=; b=lcAnlk0VLYcnTy5G3qOdZO9Yz9AmxTwwhYc8wfOEXRcYDxCTtiDDotTK V5osOG7smonG2Kt/gaX96JppIV1kxGPyuI27z0FupQSxv9q+y7yjrMAhb Yi/eRdte04tfx80LG6aLovYllyn30NQZfBTGgf6DNUX2VnaelmJ4FVm2I 8=;
X-IPAS-Result: A0AaCAAYhf1f/4kNJK1GHB0BAQEBCQESAQUFAYIPgSMwKSgHdlsvLoQ/g0gDjXUDihyKA4RzgUKBEQNUCwEBAQ0BASMKAgQBAYRKGYFaAiU4EwIDAQEBAwIDAQEBAQUBAQECAQYEcYVhDIVzAQYjHQEBNwERAQgRAwECKwIEHxEdCgQBDQWDJgGBflcDLgEOQKMYAooldoEygwQBAQaBR0GDFQ0LghADBoE4gnWDfQGGPiYbgUE/gREnHIJWPoEEAYEWQgICAQEVgQwFARIBQQ2CazSCLIJIFRE6AQNTIAINgSw4FgdAj1OCWwE/hzGdGFgKgneJK40XhR0DH6JgJJNuixaCeI59AYQ0AgQCBAUCDgEBBoFtIxJVcHAVZQGCCgEzUBcCDVeNSgwMCxRuAQGCSoUUhUR0AjUCBgEJAQEDCXyMXwEB
IronPort-PHdr: 9a23:+eQpnBQHXuQwnjt70YGZIS3e5tpsv++ubAcI9poqja5Pea2//pPkeVbS/uhpkESQB9mJ5/dNkeGQsq38VyoH+5nS+HwBcZkZURgDhI1WmgE7G8eKBAX9K+KidC01GslOFToHt3G2OERYAoDyMlvVpHDh4TsbAB65NAdpKKLyAIGBx8iy3vq5rpvUZQgAjTGhYLR0eROxqwiZtsQfjYZ4bKgrzR6cqXpTcOMQzmRtdl8=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.79,341,1602547200"; d="scan'208,217";a="623986085"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 12 Jan 2021 11:19:26 +0000
Received: from XCH-RCD-002.cisco.com (xch-rcd-002.cisco.com [173.37.102.12]) by alln-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id 10CBJQB5009338 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 12 Jan 2021 11:19:26 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-RCD-002.cisco.com (173.37.102.12) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 12 Jan 2021 05:19:25 -0600
Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 12 Jan 2021 06:19:24 -0500
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Tue, 12 Jan 2021 05:19:24 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gG7cVkJsYWNL7TZy39xZ3NgLiSIsUSorOVELOk9QL04PBGxo2a47lCUsno+JiFjWaSA8IU+0rW/vqHdvW2uav8fGexQa3g20+JSoJ5+WiiRKtY0CJ3S7cbcaKhCd99HjVaBOnCOtkhLSXKctcj5IA+7yTAhXk+6IKpyI/ClaImQRDV3rAZAfYRHNEhr4pp98riCNcTtDQI245jtso0t7EPVYEotc/kzJnJ1X8f5GlzUn6pvtM5LGQ23xa0ItlrV4usLdYTm8pfZUl1P1Mq1hd4RtnpdkH9jCcJAnP3xV6dZo3OottFGV0FhfU2eDMjJfoQ3ScKpR/l0urf7tAJ7XtQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zYgZZZ4QK4IJKHEqXoI4Si7fSQH2Q/UArCQwRfjrCxg=; b=ezMB5RqRm3/qheyegTh3Uu9xCfcSeBlMk2Dui6Y8VM33EqwpDIUncBFu3Ftwi0G/lHfz1yggtQPiY4i170uDoVP6D5mUQ5aeWyzdEbZFGtV/fGxQ+bGAGNJMhU2N6LxcL1/oW+OUmu+rAT3xw0DAvhCGpRaXQw/3t8ZXPzPmEKi7MW1/L+7m87IJL5KuuKtM+ZAmudCyyXTkC1KVumx2Wu+vOkGVtHlNMGlk+7qKZ4heoMeasBHg2lzxHBNyzRdG7R2q4ixiIh1e6mHf5U3Itp/1ZuE/Q0tuyIzZVXSZ8dNEs8uIbZqhd7cRr1bWTpgEtB1bCVk0GFTGYQnp/csGkw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zYgZZZ4QK4IJKHEqXoI4Si7fSQH2Q/UArCQwRfjrCxg=; b=dI27iGH2KFJEQJGU4O0ASxo0iSMzmHctBSXfthn+cKWPiPb4hFU/fCLn3zK4TBoeBzAlNe2mKdLcaNqH30uw84rk2U9Z46DJWE/+gIuXG/4NrOqRddrXPGc37IglLi7t4laq9e9IOAN9t+fGZFvjyGhXgc1fiE3/QIdEH16mupc=
Received: from PH0PR11MB4966.namprd11.prod.outlook.com (2603:10b6:510:42::21) by PH0PR11MB5062.namprd11.prod.outlook.com (2603:10b6:510:3e::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.6; Tue, 12 Jan 2021 11:19:23 +0000
Received: from PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::7d4c:6b05:89aa:85b]) by PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::7d4c:6b05:89aa:85b%3]) with mapi id 15.20.3742.012; Tue, 12 Jan 2021 11:19:23 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>, "hipsec@ietf.org" <hipsec@ietf.org>, "draft-ietf-hip-dex@ietf.org" <draft-ietf-hip-dex@ietf.org>, Robert Moskowitz <rgm@labs.htt-consult.com>, Miika Komu <miika.komu@ericsson.com>
CC: Roman Danyliw <rdd@cert.org>, Eric Rescorla <ekr@rtfm.com>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "rene.hummen@belden.com" <rene.hummen@belden.com>, Benjamin Kaduk <kaduk@mit.edu>, Erik Kline <ek.ietf@gmail.com>
Thread-Topic: [Hipsec] Need to close all draft-ietf-hip-dex-21 pending issues... before 2021-Jan-13...
Thread-Index: AQHW6NTHTbdGMBvqzUu6+PzV6Jo22w==
Date: Tue, 12 Jan 2021 11:19:23 +0000
Message-ID: <68AF0368-8CB8-4DF3-A33E-0AA28E61B5F5@cisco.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.44.20121301
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2001:420:c0c1:36:d478:1721:a34a:e1b1]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 88d65967-dfde-4a9f-ce52-08d8b6ebea2e
x-ms-traffictypediagnostic: PH0PR11MB5062:
x-microsoft-antispam-prvs: <PH0PR11MB506232F310B94111500F4473A9AA0@PH0PR11MB5062.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: PMjKzO67zaXJwicUs7pq950ZEjZUyd9yqtBqIC+ySUdNTdCHP/RSPDqZ8NT1tBjSCLkwWm7T4bV5KXV05hC2rydcO63IU1vEpvjnRqymV1HDnRrelCmhPPhkprm8kY/AeqsEoyL7qvkilLqR8JpIDZK9fH5y2RVUIwHoxqNOcI0Q0i1LzL4hDNc0mWo//FHAaRXPEoPI9X3sYRfTYIPdp3c+merCWYDmnRutjiGAyqF+n+uy9IVZJLgB45YjzdavUgQovB0lMX9oMhkOEzLnqLxqmSfjZi5+IvpXFP54h7zWri4grFhsX5DVSEOUYogM4p2etPH2lPPqNZcMyH8YzqF5w3KsLwqnjea1Q7HK9QRxZzy6iTvFRy6xJEmSj4mb9MxuT70Z/3QFWZMFVZ6EB2VR7uTRCwipCP/j5tZOOalZ2qsNigwqfO41V66RawmeyJnD47mU1liqGbPK4N3UIv+Y7uUSJrf7iMOEANxKQCqG/zYAWl478wpQpB499Ndg+GBW1dzlYN0uhad8pBo8Nw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB4966.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(39860400002)(136003)(396003)(376002)(346002)(366004)(6506007)(16799955002)(6486002)(478600001)(71200400001)(83380400001)(86362001)(8676002)(8936002)(66476007)(36756003)(2906002)(66556008)(4326008)(91956017)(316002)(76116006)(54906003)(33656002)(53546011)(64756008)(166002)(110136005)(5660300002)(66446008)(186003)(7416002)(6512007)(966005)(2616005)(66946007)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: Ho30eWYbcItlLiUahpU2LRhDiJf+iUPXRZ6P59PwtOsWLLzFemu54HDIeAUoIIxyIgif1pQx9YsXu7ZZmiwjuOfGaNMDKWYBpi2HKIhuKfa7TSS67fstq25crfvB6XSuelGlcGV8R0DXIREXZqmybhljqkan8Jnczfm5lWr8Gb5t9qi7T58doa+GJn6lNfuV/s9m+2Uh7gV+/b7boTXCI7DJrWSdx0IrVSdcSjobMJA0FwNOIXazVEEaiUCUI/jigCLHHNUbE50vwgj10T21lQSHaVtLwAh3zaDfmK5TKsB3LEAeOBIdfbdRhGeASX1Xexfq5lmRS/9RyXcihhU2vF1Ia+Sxx1gkYzIpj4yg1AetEhC9ryPhpDS9CeZQA7tN8Yb03MZ6PnUkgcQI+d9xI8el7wFh+VcFzVlDiYCmaImQZqYfmyt/qxFuipDMEZsi4p9KCdqjWbs8fPLcf8nzyl0FNLHbNfgY84VMtPRUoLapPDbanXHn+IALpGJPY7cm76Efmk8WUWyBtXZT2FmzMAlCRJDWSaRU2/wjnhHZILreMx/fDtiHBtWtCR7vJLdhOwSHubmRG7He10JSUY0yrISShWLLc4Ml6jvQjNNWzAwLn2AocQ5khj/HVJpx6D55VySX/XAlOcX/NvTuFu/WruXSLIP3gbe4jV07tgCE6lDqLDEYSsLjHO6q/Sts0FAOv7NWoz+/2tTYyZAG0kGYpGNSj11K8mWY1dQwH8wv098kENg91cce5fAPTj78LVcJnzv/3xpAcLqIN1GmthTtfaTuAp8pEnrGqX3Zb1y84H3W07j2epsWJlhy82ll5ZufVUnmoAwtx/6Qm69cWEXtRlY9vUXqe9UoUOIkxPQc4l/gGzKBFUv24vVvcjJLgx7awgpmHb+MlAPnUe3+LkvbxuLpivhz8rEP9AyvfIYoSCOoRhf/IN7yRCTKmOpH46FvBse6tlS9r4A6LO92ikctsqoRLfnDcIEoNosw+M4DZ+Bnj98O+ftjc/KPbIzKdDWtvprGmFJ8JelYFkF6Ipz4amVanN67bhekqWr3R0Pgu7I7ZDARDJIzKq2ghdX+8MmJ
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_68AF03688CB84DF3A33E0AA28E61B5F5ciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4966.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 88d65967-dfde-4a9f-ce52-08d8b6ebea2e
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jan 2021 11:19:23.4076 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Jt8NluR/LkUZj13suDpPenovFRAAGY3Klv0E5uMTzgHYMjhanJo6ytB5dz1hahn+rztdqCyq7GtVGzUZITnO6w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5062
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.12, xch-rcd-002.cisco.com
X-Outbound-Node: alln-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/vRQ5qDOnH0W9Nvg3uTiFIJo3NhI>
X-Mailman-Approved-At: Tue, 19 Jan 2021 12:24:34 -0800
Subject: Re: [Hipsec] Need to close all draft-ietf-hip-dex-21 pending issues... before 2021-Jan-13...
X-BeenThere: hipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hipsec/>
List-Post: <mailto:hipsec@ietf.org>
List-Help: <mailto:hipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jan 2021 11:19:31 -0000

Two months after the email below, I sending a kind reminder to authors and WG.

With the -22, a lot of (if not all ) SEC ADs’ DISCUSS points should have been addressed.

As far as I can tell, the other remaining issue was Ekr’s one about why forfeiting FS when some algorithm could do it in a reasonable time. In an email to authors and ADs, Eric R. wrote “it defines a set of parameters (the NIST curves) which are slower w/o FS than other parameters (X25519) are w/ FS. This fact calls into question the need to dispense with FS.”

While 2 months ago I put a deadline for tomorrow, I (as the responsible AD) am flexible of course but we cannot linger anymore. I know that a -23 is in the work for weeks => let’s publish it in the coming days.

Else, next week we will need to either change the intended status to experimental or declare the document dead by lack of energy. The latter does not have my preference obviously.

Regards

-éric


From: Hipsec <hipsec-bounces@ietf.org> on behalf of "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>
Date: Friday, 13 November 2020 at 15:32
To: "hipsec@ietf.org" <hipsec@ietf.org>, "draft-ietf-hip-dex@ietf.org" <draft-ietf-hip-dex@ietf.org>, Robert Moskowitz <rgm@labs.htt-consult.com>, Miika Komu <miika.komu@ericsson.com>
Cc: Roman Danyliw <rdd@cert.org>, Eric Rescorla <ekr@rtfm.com>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "rene.hummen@belden.com" <rene.hummen@belden.com>, Benjamin Kaduk <kaduk@mit.edu>, Erik Kline <ek.ietf@gmail.com>
Subject: [Hipsec] Need to close all draft-ietf-hip-dex-21 pending issues... before 2021-Jan-13...

Dear HIP, dear authors,

This document was requested for publication [1] in February 2018 (2.5 years ago), then its IESG evaluation has been deferred, then I took over this document from Terry Manderson in March 2019, then it went again through IESG evaluation in July 2020 and there are still DISCUSS points to be addressed even after a couple of revised I-D...

Difficult not to observe that this document does not progress very fast.

Moreover, this document is a normative reference for rfc4423-bis waiting in the RFC editor queue since March 2019... So, also blocking the HIP-NAT document [2].

After discussion with the HIP chair, Gonzalo in cc, we have taken the following decision: if a revised I-D addressing remaining DISCUSS points + Ekr’s ones is not uploaded within 2 months (13th of January 2021), then I will request the HIP WG to accept the complete removal of section A.3.3 of the rfc4423-bis document (1 page about HIP-DEX in the appendix) + the reference to the HIP-DEX document [3]. This will allow the immediate publication of the rfc4423-bis and HIP-NAT documents.

The HIP DEX authors may also select to change the intended status of the document to ‘experimental’ (if the HIP WG agrees) as this may reduce the security requirements by the SEC AD and Ekr.

Gonzalo and I are still hoping to get a revised HIP-DEX shortly,

Regards

-éric

[1] https://datatracker.ietf.org/doc/draft-ietf-hip-dex/history/
[2] https://www.rfc-editor.org/cluster_info.php?cid=C386
[3] and possibly I will set the state of HIP-DEX as ‘dead’ on the datatracker

v2.23.0 | Report a Bug | By Email