Re: [I2nsf] Review of draft-ietf-i2nsf-sdn-ipsec-flow-protection-03 (Section 3)
Rafa Marin-Lopez <rafa@um.es> Tue, 27 November 2018 15:28 UTC
From: Rafa Marin-Lopez <rafa@um.es>
Date: Tue, 27 Nov 2018 16:27:49 +0100
In-Reply-To: <alpine.LRH.2.21.1811180149220.25604@bofh.nohats.ca>
Cc: Rafa Marin-Lopez <rafa@um.es>, Yoav Nir <ynir.ietf@gmail.com>, i2nsf@ietf.org, "ipsec@ietf.org WG" <ipsec@ietf.org>
To: Paul Wouters <paul@nohats.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/Lfk8mIAVM53sjNaRBplB5fMxhQg>
Hi Paul:

> Section 3:
>
>    It requires information about the
>    required authentication method (i.e. preshared keys), DH groups,
>    modes and algorithms for IKE SA negotiation, etc.
>
> In the IKE world, we really try to not recommend preshared keys, because
> these keys are mostly based on human readable low entropy content. If this
> document thinks raw RSA/ECDSA keys or X.509 certificates are also methods
> that will be implemented by SDN Controllers, please change the example of
> preshared keys to something else.

[Authors] In the IKE case, the Security Controller generates pseudo-random PSKs. Hence, there is NO low entropy content since this PSK is not based on human involvement. Having said that, raw RSA/ECDSA keys or X.509 certificates are plausible. Let's add it:

"It requires information about the required authentication method (i.e. a raw public key, a x509 certificate or preshared keys), DH groups, modes and algorithms for IKE SA negotiation, etc."

Best Regards.

-------------------------------------------------------
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151
e-mail: rafa@um.es
-------------------------------------------------------
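An added example, not part of the message above or of the draft: a sketch of controller-side PSK provisioning as the reply describes it, with one CSPRNG-generated key per NSF pair and an audit for short, mismatched or reused keys. The function names, the NSF identifiers and the 32-byte length are assumptions made for illustration.

```python
import secrets
from itertools import combinations

PSK_BYTES = 32  # 256 bits from the OS CSPRNG; assumed policy, not from the draft


def provision_psks(nsf_ids):
    """Return {nsf_id: {peer_id: psk_hex}} with one fresh PSK per NSF pair.

    Each NSF's view holds only the keys for its own peers, so compromise of
    one NSF does not expose the PSKs protecting other pairs.
    """
    views = {nsf: {} for nsf in nsf_ids}
    for a, b in combinations(sorted(set(nsf_ids)), 2):
        psk = secrets.token_bytes(PSK_BYTES).hex()  # no human-chosen input
        views[a][b] = psk
        views[b][a] = psk
    return views


def audit(views, min_bytes=PSK_BYTES):
    """Return sorted problems: short keys, mismatched ends, reuse across pairs."""
    problems = set()
    seen = {}  # psk -> first pair observed using it
    for nsf, peers in views.items():
        for peer, psk in peers.items():
            pair = tuple(sorted((nsf, peer)))
            if len(bytes.fromhex(psk)) < min_bytes:
                problems.add(f"{pair}: PSK shorter than {min_bytes} bytes")
            if views.get(peer, {}).get(nsf) != psk:
                problems.add(f"{pair}: ends hold different PSKs")
            if seen.setdefault(psk, pair) != pair:
                problems.add(f"{pair}: PSK reused from {seen[psk]}")
    return sorted(problems)


if __name__ == "__main__":
    # Constructed NSF names for the demonstration.
    views = provision_psks(["nsf-a", "nsf-b", "nsf-c"])
    print({nsf: sorted(peers) for nsf, peers in views.items()})
    print("audit:", audit(views) or "clean")
```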