Re: [IPsec] New Version Notification for draft-smyslov-ipsecme-ikev2-aux-02.txt

"Valery Smyslov" <smyslov.ietf@gmail.com> Mon, 03 December 2018 13:09 UTC

From: Valery Smyslov <smyslov.ietf@gmail.com>
To: IPsecME WG <ipsec@ietf.org>
Date: Mon, 03 Dec 2018 16:09:07 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/-02_YyYHZd0d6wAfDY8RYSJ9YW4>

Hi,

I've submitted a new version of the draft-smyslov-ipsecme-ikev2-aux. Major changes:

1. The exchange is renamed from IKE_AUX to INTERMEDIATE (thanks Tommy!).
     I believe this name reflects its purpose, it's easy to pronounce and hard to mix
     with existing exchanges.
2. The way the exchange is authenticated in IKE_AUTH is changed to include
     the full transcript from both parties (thanks to Scott for suggesting this).
3. The order of the chunks that are input to prf is changed, as well as the
     position of the prf outputs in the signing blobs. These changes were
     motivated by implementation experience - they make implementing
     the exchanges a bit easier. I believe they don't influence security.
4. Some clarifications are added.

Comments are more than welcome :-)

Regards,
Valery.


> A new version of I-D, draft-smyslov-ipsecme-ikev2-aux-02.txt
> has been successfully submitted by Valery Smyslov and posted to the
> IETF repository.
> 
> Name:		draft-smyslov-ipsecme-ikev2-aux
> Revision:	02
> Title:		Intermediate Exchange in the IKEv2 Protocol
> Document date:	2018-12-03
> Group:		Individual Submission
> Pages:		10
> URL:            https://www.ietf.org/internet-drafts/draft-smyslov-ipsecme-ikev2-aux-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-ikev2-aux/
> Htmlized:       https://tools.ietf.org/html/draft-smyslov-ipsecme-ikev2-aux-02
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-smyslov-ipsecme-ikev2-aux
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-smyslov-ipsecme-ikev2-aux-02
> 
> Abstract:
>    This document defines a new exchange, called Intermediate Exchange,
>    for the Internet Key Exchange protocol Version 2 (IKEv2).  This
>    exchange can be used for transferring a large amount of data in the
>    process of IKEv2 Security Association (SA) establishment.
>    Introducing Intermediate Exchange allows re-using existing IKE
>    Fragmentation mechanism, that helps to avoid IP fragmentation of
>    large IKE messages, but cannot be used in the initial IKEv2 exchange.
> 
> 
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat