IETF Logo Mail Archive

Re: [IPsec] Lars Eggert's No Objection on draft-ietf-ipsecme-ikev2-intermediate-09: (with COMMENT)

Valery Smyslov <svan@elvis.ru> Tue, 01 March 2022 13:53 UTC

Return-Path: <svan@elvis.ru>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F5023A09A6; Tue, 1 Mar 2022 05:53:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 32wQWqCRIEcT; Tue, 1 Mar 2022 05:53:20 -0800 (PST)
Received: from dpmail.elvis.ru (dpmail.elvis.ru [93.188.44.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF3C93A09AF; Tue, 1 Mar 2022 05:53:13 -0800 (PST)
Received: from kmail.elvis.ru ([93.188.44.208]) by dpmail.elvis.ru with esmtp (Exim 4.89) (envelope-from <svan@elvis.ru>) id 1nP2w7-00066T-7U; Tue, 01 Mar 2022 16:53:09 +0300
Received: from mail16.office.elvis.ru ([10.111.1.29] helo=mail.office.elvis.ru) by kmail.elvis.ru with esmtp (Exim 4.92) (envelope-from <svan@elvis.ru>) id 1nP2w7-0004Xe-2G; Tue, 01 Mar 2022 16:53:07 +0300
Received: from MAIL16.office.elvis.ru (10.111.1.29) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Tue, 1 Mar 2022 16:53:06 +0300
Received: from buildpc (10.111.10.33) by MAIL16.office.elvis.ru (10.111.1.29) with Microsoft SMTP Server id 15.1.1779.2 via Frontend Transport; Tue, 1 Mar 2022 16:53:06 +0300
From: Valery Smyslov <svan@elvis.ru>
To: 'Lars Eggert' <lars@eggert.org>, 'The IESG' <iesg@ietf.org>
CC: draft-ietf-ipsecme-ikev2-intermediate@ietf.org, ipsecme-chairs@ietf.org, ipsec@ietf.org, ynir.ietf@gmail.com
References: <164612839381.20180.12376957342381821650@ietfa.amsl.com>
In-Reply-To: <164612839381.20180.12376957342381821650@ietfa.amsl.com>
Date: Tue, 01 Mar 2022 16:53:09 +0300
Message-ID: <03fa01d82d73$af375e40$0da61ac0$@elvis.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQIe8dMPfyTWHGrK2LsBdDkKKB7YvKwc2vHw
Content-Language: ru
X-CrossPremisesHeadersFilteredBySendConnector: MAIL16.office.elvis.ru
X-OrganizationHeadersPreserved: MAIL16.office.elvis.ru
X-KLMS-AntiSpam-Interceptor-Info: not scanned
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: clean
X-KLMS-AntiSpam-Status: not scanned, disabled by settings
X-KLMS-AntiPhishing: Clean, bases: 2022/02/20 23:15:00
X-KLMS-AntiVirus: Kaspersky Security for Linux Mail Server, version 8.0.3.30, bases: 2022/02/20 20:13:00 #18795747
X-KLMS-AntiVirus-Status: Clean, skipped
X-Spam-Scanner: Rspamd work in dpmail.elvis.ru, WHITELIST
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/0p3gnM3unoEBaJU82VMpKz_5Pgw>
Subject: Re: [IPsec] Lars Eggert's No Objection on draft-ietf-ipsecme-ikev2-intermediate-09: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Mar 2022 13:53:23 -0000

Hi Lars,

thank you for your comments.

> Lars Eggert has entered the following ballot position for
> draft-ietf-ipsecme-ikev2-intermediate-09: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-intermediate/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Section 1. , paragraph 5, comment:
> >    This specification describes a way to transfer a large amount of data
> >    in IKEv2 using UDP transport.  For this purpose the document defines
> 
> To a transport person, "a large amount of data" sounds like a bulk transfer.
> Surely this isn't the intention here? Could the text more precisely state for
> which data sizes this is an appropriate mechanism?

By no means it was intended to use this exchange for a bulk transfer.
If we talk about PQ public keys, then "large amount" will be in most cases
less than few tens Kbytes. A notable exception is classic McEliece,
which has public key size of few hundred Kbytes, but transferring 
this amount of data in IKE requires some changes in the protocol 
anyway (see draft-tjhai-ikev2-beyond-64k-limit-02 as an example)
and will most probably require TCP transport (although
we successfully used UDP for this purpose in test lab).

I can add the following text at the end of Section 1 (as new paragraph):

  Note, that the IKE_INTERMEDIATE exchange is not intended for 
  bulk transfer. This specification doesn't set a hard cap on
  the amount of data that can be safely transferred using this mechanism, 
  as it depends on its application. But it is anticipated that in most cases 
  the amount of data will be limited to tens of Kbytes (few hundred Kbytes 
  in extreme cases). 
  
 Is it OK?

> -------------------------------------------------------------------------------
> All comments below are about very minor potential issues that you may choose to
> address in some way - or ignore - as you see fit. Some were flagged by
> automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
> will likely be some false positives. There is no need to let me know what you
> did with these suggestions.
> 
> Paragraph 3, nit:
> > v2-intermediate-09 Abstract This documents defines a new exchange, called Int
> >                                  ^^^^^^^^^
> Consider using the singular form after the singular determiner "This".

Typo, fixed.

> Section 1. , paragraph 3, nit:
> > um Computer (QC) resistant ones. Currently most QC-resistant key exchange me
> >                                  ^^^^^^^^^
> A comma may be missing after the conjunctive/linking adverb "Currently".

Added missing comma.

> Section 1. , paragraph 3, nit:
> > r IKEv2, as defined in [RFC8229]. However this approach has significant draw
> >                                   ^^^^^^^
> A comma may be missing after the conjunctive/linking adverb "However".

Ditto.

> Section 3.3.2. , paragraph 17, nit:
> > ready to be encrypted) fragments. However care must be taken to properly rep
> >                                   ^^^^^^^
> A comma may be missing after the conjunctive/linking adverb "However".

Ditto.

> Section 3.3.2. , paragraph 18, nit:
> > e[i/r] and SK_a[i/r] used for its messages protection (see Section 3.3.1) an
> >                                   ^^^^^^^^
> An apostrophe may be missing.

Changed to "for protection of its messages" to eliminate confusion.

> Section 3.4. , paragraph 2, nit:
> > he peers can be certain that they receives messages from the party they perf
> >                                   ^^^^^^^^
> The pronoun "they" must be used with a non-third-person form of a verb.

Fixed.

> Section 5. , paragraph 4, nit:
> > nt interoperable implementations of this specifications from the following v
> >                                     ^^^^
> The demonstrative "this" may not agree with the plural noun "specifications".
> Did you mean "these"?

Typo, fixed.

Thank you!

Regards,
Valery.

v2.23.0 | Report a Bug | By Email