Re: [IPsec] New Version Notification for draft-tran-ipsecme-ikev2-yang-00.txt

Tommy Pauly <tpauly@apple.com> Mon, 28 March 2016 23:37 UTC

To: Daniel Migault <daniel.migault@ericsson.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/1aIDuXb6ehYMfzcoagFoQ3FRMjQ>
Cc: "ipsec@ietf.org WG" <ipsec@ietf.org>, Paul Wouters <paul@nohats.ca>

I agree that time intervals for IKE retransmits should be measured in milliseconds, not seconds.

Thanks,
Tommy

> On Mar 28, 2016, at 4:31 PM, Daniel Migault <daniel.migault@ericsson.com> wrote:
> 
> With the second as a unit. We cannot do it. However if we set it to milliseconds we are fine. We also have a field that specifies the policy. This field should provide the policies of the different implementations. Such feedback is definitely useful for the next iteration of the draft.
> 
> BR
> Daniel
> 
> On Mar 28, 2016 18:06, "Paul Wouters" <paul@nohats.ca> wrote:
> 
> 
> On Mar 28, 2016, at 16:43, Daniel Migault <daniel.migault@ericsson.com> wrote:
> 
>> Hi Paul, 
>> 
>> I leave my co-authors to respond on the YANG aspects. 
>> 
>> Regarding the initial-retransmission-timeout I think we meant a time in seconds. Do you think we need more options?
> 
> Libreswan retransmits at 0.5 second and then doubles the interval up to 30 seconds. So 0.5, 1, 2, 4, 8, 16.
> 
> I don't think that you can put that in?
> 
> Note I didn't read all the options, there might be others too. I think to be sure, you need to look at various implementations and see if it can work.
> 
> Paul
> 
>> BR, 
>> Daniel
>> 
>> On Mon, Mar 28, 2016 at 11:29 AM, Paul Wouters <paul@nohats.ca> wrote:
>> On Sun, 27 Mar 2016, Daniel Migault wrote:
>> 
>> Subject: [IPsec] FW: New Version Notification for
>>     draft-tran-ipsecme-ikev2-yang-00.txt
>> 
>> Please find our first version for the YANG model for IKEv2. Feel free
>> to post comments. I would be also happy to have face-to-face
>> discussions on the draft - especially from IKEv2 implementers.
>> 
>> Might be good for me to have a talk about it, especially because I'm
>> not a YANG person. I'm still a bit confused about the syntax. There is
>> code in the document that looks like "ready to use" but also looks like
>> "example to use". like:
>> 
>>   description
>>        "This YANG module defines the configuration and operational
>>         state data for Internet Key Exchange version 2 (IKEv2) on
>>         IETF draft.
>>         Copyright (c) 2016 Ericsson AB.
>>         All rights reserved.";
>> 
>> All rights reserved? huh? Is that an example? or is this an error?
>> 
>> I'm confused about units too, like:
>> 
>>   leaf initial-retransmission-timeout {
>>            type uint32;
>>            description
>>              "initial retransmission timeout value";
>>          }
>> 
>> looks weird to me. What's the unit here? uint32 is not a unit, it is
>> a number. Is this seconds? milliseconds? seconds since 1970? Since 1772?
>> 
>> Some of it looks like just copying IANA registries? So that would be
>> outdated quickly. How would that get updated? Should we really put
>> chunks of code in RFCs like that?
>> 
>> Paul
>> 
>> 
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec
>> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
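
The unit question discussed in this thread, worked through as an added example (not code from the draft, from libreswan, or from any participant): it checks whether a doubling retransmit schedule fits a uint32 leaf when the unit is seconds versus milliseconds. The function names are hypothetical; the 0.5 s start and 30 s cap are the figures quoted above, and stopping once a doubled interval would exceed the cap is an assumption that matches the schedule listed in the thread.

```python
from fractions import Fraction

UINT32_MAX = 2**32 - 1
UNITS_PER_SECOND = {"seconds": 1, "milliseconds": 1000}


def encode_timeout(seconds, unit):
    """Return the uint32 leaf value for `seconds` in `unit`, or None if it cannot be stored."""
    value = Fraction(seconds) * UNITS_PER_SECOND[unit]
    # A uint32 leaf holds only whole numbers in [0, 2^32 - 1]; a zero timeout is rejected too.
    if value.denominator != 1 or not 0 < value <= UINT32_MAX:
        return None
    return int(value)


def backoff_schedule(initial, cap):
    """Intervals in seconds: start at `initial`, double while staying at or below `cap`."""
    current, limit = Fraction(initial), Fraction(cap)
    if current <= 0:
        raise ValueError("initial timeout must be positive")
    intervals = []
    while current <= limit:
        intervals.append(current)
        current *= 2
    return intervals


def encode_schedule(initial, cap, unit):
    """Encode every interval of the schedule; None if any interval is not representable."""
    encoded = [encode_timeout(i, unit) for i in backoff_schedule(initial, cap)]
    return None if None in encoded else encoded


if __name__ == "__main__":
    # Figures quoted in the thread: 0.5 s initial interval, doubling up to 30 s.
    for unit in UNITS_PER_SECOND:
        print(unit, encode_schedule("0.5", "30", unit))
```

Passing the values as strings keeps the arithmetic exact, so the check fails only when the unit genuinely cannot express the interval, not because of floating-point rounding.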