Re: [IPsec] Review of draft-ietf-ipsecme-rfc8229bis

Valery Smyslov <smyslov.ietf@gmail.com> Wed, 19 January 2022 18:45 UTC

From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Paul Wouters' <paul.wouters=40aiven.io@dmarc.ietf.org>, ipsec@ietf.org
Cc: tpauly@apple.com
References: <acea85f6-1c72-3b79-a7f6-d4c234b9e7c@nohats.ca>
In-Reply-To: <acea85f6-1c72-3b79-a7f6-d4c234b9e7c@nohats.ca>
Date: Wed, 19 Jan 2022 21:45:51 +0300
Message-ID: <087e01d80d64$c8ab4d70$5a01e850$@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/3GZX8cSOineKQ9D1LATebCDReiE>

Hi Paul,

A new -02 version of the draft has been published. We believe it addresses your comments,
except for one; see below.

> I have reviewed the changes between draft-ietf-ipsecme-rfc8229bis and
> RFC 8229. I agree with most of these changes. I have some comments
> below. If others want to compare the draft with the RFC, see:
> 
> https://nohats.ca/draft-ietf-ipsecme-rfc8229bis-01-from-rfc8229.diff.html
> 
>  	that may block IKE negotiation over UDP.
> 
> I would say:
> 
>  	that may not transport IKE negotiation over UDP.
> 
> Blocking sounds like an active administrative action. Most networks just
> accidentally happen to not pass UDP.
> 
> I might also change "for traversing network middleboxes" to be more neutral,
> eg "in case routers or network middleboxes do not handle UDP".

After some discussion between the authors, we decided to keep the
original text, because it was in RFC 8229 and caused no problems.

Regards,
Tommy & Valery.

[snipped]