RE: [IPsec] Last Call: <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> (Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard
"PUTMAN, Tony (Tony)" <tony.putman@alcatel-lucent.com> Tue, 22 April 2014 09:57 UTC
Return-Path: <tony.putman@alcatel-lucent.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D45531A02D7; Tue, 22 Apr 2014 02:57:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uf7e3JXpFr_5; Tue, 22 Apr 2014 02:57:00 -0700 (PDT)
Received: from hoemail2.alcatel.com (hoemail2.alcatel.com [192.160.6.149]) by ietfa.amsl.com (Postfix) with ESMTP id C08A91A01D9; Tue, 22 Apr 2014 02:56:55 -0700 (PDT)
Received: from fr712usmtp2.zeu.alcatel-lucent.com (h135-239-2-42.lucent.com [135.239.2.42]) by hoemail2.alcatel.com (8.13.8/IER-o) with ESMTP id s3M9ulVi025546 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 22 Apr 2014 04:56:49 -0500 (CDT)
Received: from FR711WXCHHUB02.zeu.alcatel-lucent.com (fr711wxchhub02.zeu.alcatel-lucent.com [135.239.2.112]) by fr712usmtp2.zeu.alcatel-lucent.com (GMO) with ESMTP id s3M9ul0U008820 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 22 Apr 2014 11:56:47 +0200
Received: from FR711WXCHMBA01.zeu.alcatel-lucent.com ([169.254.1.223]) by FR711WXCHHUB02.zeu.alcatel-lucent.com ([135.239.2.112]) with mapi id 14.02.0247.003; Tue, 22 Apr 2014 11:56:47 +0200
From: "PUTMAN, Tony (Tony)" <tony.putman@alcatel-lucent.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Subject: RE: [IPsec] Last Call: <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> (Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard
Thread-Topic: [IPsec] Last Call: <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> (Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard
Thread-Index: AQHPUER+0n62SMALMEq7nBB2qf17BpsWIUEw///ldYCAB3nA4A==
Date: Tue, 22 Apr 2014 09:56:46 +0000
Message-ID: <14BE57EA00BC0C469E17B5AD698FE67766664FCB@FR711WXCHMBA01.zeu.alcatel-lucent.com>
References: <20140404202750.31367.2461.idtracker@ietfa.amsl.com> <14BE57EA00BC0C469E17B5AD698FE67766664CE4@FR711WXCHMBA01.zeu.alcatel-lucent.com> <B12490A2-2D31-4E32-9D9E-ACB80C91FB8C@gmail.com>
In-Reply-To: <B12490A2-2D31-4E32-9D9E-ACB80C91FB8C@gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.239.27.38]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/BdG2MLW8e45T2Af3dB-3NHW6E4Y
X-Mailman-Approved-At: Tue, 22 Apr 2014 08:08:46 -0700
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Apr 2014 09:57:05 -0000
Hi Yoav, Yes, that's what I meant; your suggestion is fine with me. To be honest, I wasn't sure whether this was a "substantive comment" or not, but the question was raised to me by a colleague and I thought that I should pass it on. Apologies if my comment was too brief (and for the late follow-up). Tony -----Original Message----- From: Yoav Nir [mailto:ynir.ietf@gmail.com] Sent: Thursday, April 17, 2014 6:42 PM To: PUTMAN, Tony (Tony) Cc: ietf@ietf.org; ipsec@ietf.org Subject: Re: [IPsec] Last Call: <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> (Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard Hi, Tony Thanks for the review. I assume you mean that you don’t sign with public keys. Replacing “sign” with “validate” makes for a strange sentence, because the sentence is about sending (and presumably signing) rather than receiving (and validating). How about: “If multiple certificate are sent, the first MUST contain the public key associated with the private key used to sign the AUTH payload” Yoav On Apr 17, 2014, at 8:23 PM, PUTMAN, Tony (Tony) <tony.putman@alcatel-lucent.com> wrote: > All, > > In section 3.6 (top of page 94), there is the statement, > "If multiple certificates > are sent, the first certificate MUST contain the public key used to > sign the AUTH payload." > > "sign" should be "validate". > > Regards, > Tony > -- > Tony Putman > Alcatel-Lucent Technologies > > -----Original Message----- > From: IPsec [mailto:ipsec-bounces@ietf.org] On Behalf Of The IESG > Sent: Friday, April 04, 2014 9:28 PM > To: IETF-Announce > Cc: ipsec@ietf.org > Subject: [IPsec] Last Call: <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> (Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard > > > The IESG has received a request from the IP Security Maintenance and > Extensions WG (ipsecme) to consider the following document: > - 'Internet Key Exchange Protocol Version 2 (IKEv2)' > <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> as Internet Standard > > The IESG plans to make a decision in the next few weeks, and solicits > final comments on this action. Please send substantive comments to the > ietf@ietf.org mailing lists by 2014-04-18. Exceptionally, comments may be > sent to iesg@ietf.org instead. In either case, please retain the > beginning of the Subject line to allow automated sorting. > > Abstract > > > This document describes version 2 of the Internet Key Exchange (IKE) > protocol. IKE is a component of IPsec used for performing mutual > authentication and establishing and maintaining Security Associations > (SAs). This document replaces and updates RFC 5996, and includes all > of the errata for it, and it is intended to update IKEv2 to be > Internet Standard. > > > > > The file can be obtained via > http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/ > > IESG discussion can be tracked via > http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/ballot/ > > > No IPR declarations have been submitted directly on this I-D. > > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-ike… Yoav Nir
- RE: [IPsec] Last Call: <draft-kivinen-ipsecme-ike… PUTMAN, Tony (Tony)
- RE: [IPsec] Last Call: <draft-kivinen-ipsecme-ike… PUTMAN, Tony (Tony)
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-ike… Tero Kivinen