Re: [Int-area] draft-learmonth-intarea-rfc1226-bis-00

"Iain R. Learmonth" <irl@hambsd.org> Sun, 24 May 2020 19:16 UTC

To: Erik Kline <ek.ietf@gmail.com>
Cc: Int-area@ietf.org
References: <159004528499.11433.5479167060208316355@ietfa.amsl.com> <90e3bce1-cd60-b45b-d4d9-11da99ee2093@hambsd.org> <CAMGpriW21fyfzJjzfR=SnUf-GujQKOhaPJQd_0nDJwps8-y_NQ@mail.gmail.com> <CAMGpriWbro8hAZUn+zLzWZKV9uD3Q6-nX5Hj6PjZep_VqrB++g@mail.gmail.com>
From: "Iain R. Learmonth" <irl@hambsd.org>
Organization: HamBSD Project
Message-ID: <80e7193e-e9b2-53ca-6be4-3d8f0b0a593b@hambsd.org>
Date: Sun, 24 May 2020 20:16:31 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/IHdwnWd1yDKQ-MVzD_m6GN4CZio>
Subject: Re: [Int-area] draft-learmonth-intarea-rfc1226-bis-00

Hi,

On 23/05/2020 23:35, Erik Kline wrote:
> On Sat, May 23, 2020 at 2:24 PM Erik Kline <ek.ietf@gmail.com> wrote:
> Ah, I think I see now that section 17 of that PDF refers to these as
> "dummy callsigns".  It mentions "TCPIP", but there doesn't seem to be
> any text significantly constraining these dummy callsigns.

Indeed. There is not currently a registry of these dummy callsigns. The
only restriction is that they should not be confused with real
callsigns, and this is achieved by using only alpha characters. ITU
requires that callsigns use numerals to separate the prefix from the
suffix to avoid ambiguity between countries.

>> [ section 5 ]
>>
>> * Can you explain more about the limitations on non-NULL encryption?
>>
>> My intuition would be that ESP with non-NULL encryption provides
>> privacy only on the IP links between tunnel endpoints.  A packet that
>> failed to decrypt properly would not be transmitted over the amateur
>> radio link, but rather be dropped by the IP endpoint (and possibly
>> logged).  I don't think I follow what the intent of this section is.

I think that the problem with this section is that I've not been clear
that everything relates to the path between the tunnel endpoints. The IP
packets, not just the AX.25 packets, may traverse an amateur radio link.
Microwave links using modified wifi equipment to operate in the amateur
bands are common, for example, and could carry an AX.25 tunnel over IP
between two AX.25 hosts. Encryption is forbidden on that IP microwave
link, just as it is on the AX.25 links.

I do not want to forbid the use of non-NULL encryption. This phrasing
may also be misleading as RFC 4543 also provides encryption transforms
that do not provide confidentiality. Instead of talking about NULL
specifically, this could be changed to require use of a transform that
does not provide confidentiality.

Would these changes answer the question?

>> * I cannot find the phrase "dead peer detection" in RFC 7926, nor is
>> that the IKEv2 RFC.  I think perhaps you meant RFC 7296 (numeric
>> transposition).

Well caught! I did indeed mean the IKEv2 RFC.

Thanks,
Iain.

-- 
https://hambsd.org/
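An added example, not part of the thread or the draft, that applies the callsign rule described in the reply (a dummy callsign such as TCPIP is letters only, while every ITU callsign contains a numeral) and shows how either kind of callsign is carried in an AX.25 address field. The ITU pattern is a deliberate simplification assumed for this example; the address encoding follows the AX.25 specification.

```python
import re
from typing import Tuple

# Simplified ITU callsign shape assumed here: 1-3 prefix characters, one
# separating digit, then 1-4 suffix letters (e.g. M0XYZ, 2E0ABC, GB3ABC).
ITU_RE = re.compile(r"^[A-Z0-9]{1,3}[0-9][A-Z]{1,4}$")


def classify_callsign(callsign: str) -> str:
    """Return 'dummy', 'itu' or 'invalid' for a callsign (SSID excluded)."""
    cs = callsign.upper()
    if not 1 <= len(cs) <= 6:            # AX.25 address field holds 6 characters
        return "invalid"
    if cs.isascii() and cs.isalpha():
        return "dummy"                   # letters only: can never be an ITU callsign
    if ITU_RE.match(cs):
        return "itu"
    return "invalid"


def encode_ax25_address(callsign: str, ssid: int = 0, last: bool = False) -> bytes:
    """Encode callsign and SSID as the 7-byte AX.25 address field.

    Each of the 6 (space padded) characters is shifted left one bit; the 7th
    byte carries the SSID in bits 1-4, the two reserved bits set (0x60) and
    the extension bit (bit 0) set only on the last address in the header.
    """
    cs = callsign.upper().ljust(6)
    if len(cs) != 6 or not 0 <= ssid <= 15:
        raise ValueError("callsign must be 1-6 characters, ssid 0-15")
    field = bytes((ord(c) << 1) & 0xFE for c in cs)
    return field + bytes([0x60 | (ssid << 1) | (1 if last else 0)])


def decode_ax25_address(field: bytes) -> Tuple[str, int, bool]:
    """Inverse of encode_ax25_address: (callsign, ssid, is_last_address)."""
    if len(field) != 7:
        raise ValueError("address field must be 7 bytes")
    callsign = bytes(b >> 1 for b in field[:6]).decode("ascii").rstrip()
    ssid = (field[6] >> 1) & 0x0F
    return callsign, ssid, bool(field[6] & 0x01)


if __name__ == "__main__":
    for cs in ("TCPIP", "M0XYZ", "2E0ABC", "TCPIP1"):
        print(cs, classify_callsign(cs), encode_ax25_address(cs[:6]).hex())
```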