Re: [IPsec] Mirja Kuehlewind's Discuss on draft-ietf-ipsecme-tcp-encaps-09: (with DISCUSS)

Tero Kivinen <kivinen@iki.fi> Tue, 02 May 2017 12:27 UTC

To: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>
Cc: Tommy Pauly <tpauly@apple.com>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, Eric Rescorla <ekr@rtfm.com>, ipsecme-chairs@ietf.org, IPsecME WG <ipsec@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-ipsecme-tcp-encaps@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/8EKWw8gu98zxhIqxjw9cYqYBWhg>

Mirja Kuehlewind (IETF) writes:
> so first updating is a request to IANA, so you have to remove the
> first sentence.

Agreed, forgot to remove that. 

> Then the update of the UDP port should probably be done in a
> separate document that potentially also obsoletes 3947 if that was
> missed with 7296.

No point in doing that. Publishing a 1 page document doing IANA updates
is just stupid and does not help anybody. If it cannot be done here,
we can leave it as it is now, and I will talk to IANA and change this thing
separately. As this is clearly an error in the IANA registry, they have
fixed these kinds of mistakes before without any need for documents,
especially when the registry is not RFC required or similar. They do like
to get document requests just for keeping track of changes, and that's
why I think it would be better to combine the changes in this
document, as we are going to change the TCP/4500 anyways, and fixing
the UDP/4500 references at the same time would be easy.

And yes, RFC7296 did forget to obsolete RFC3947, but this is not the
document to do that, and that's why I did not suggest this to do anything
like that. I suggested just fixing the reference from the RFC3947 to
RFC3948, as RFC3948 actually describes the protocol used over the port
4500. RFC3947 does not specify the protocol for port UDP/4500, it just
refers to the RFC3948 for protocol details. Adding RFC7296 would be
good, as it provides the latest information about the IKE interactions for
the RFC3948 (i.e., 7296 still uses the 3948 defined protocol, but replaces
the non port 4500 related details which were in the 3947). This is
just to make sure the people reading the RFC3948 also get a pointer to
the IKE parts of the protocol (as RFC4306/5996/7296 forgot to obsolete
3947).
-- 
kivinen@iki.fi