Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue
Vukasin Karadzic <vukasin.karadzic@gmail.com> Tue, 22 August 2017 22:49 UTC
Return-Path: <vukasin.karadzic@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4D971326E8 for <ipsec@ietfa.amsl.com>; Tue, 22 Aug 2017 15:49:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EWsWGH36OeXg for <ipsec@ietfa.amsl.com>; Tue, 22 Aug 2017 15:49:26 -0700 (PDT)
Received: from mail-wm0-x232.google.com (mail-wm0-x232.google.com [IPv6:2a00:1450:400c:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA5BF1329FF for <ipsec@ietf.org>; Tue, 22 Aug 2017 15:49:19 -0700 (PDT)
Received: by mail-wm0-x232.google.com with SMTP id b189so2521097wmd.0 for <ipsec@ietf.org>; Tue, 22 Aug 2017 15:49:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=epi6PXDrY2WyQ5n+MgqLkpzAnOTWSrwwc6LYt7I1OdY=; b=cxl0bflpR9BEj1GWxlexUVPHPkKOtpdPWDWLwwo9uhGYQCPOcYjgLFbjwF6QwddSVy vCGUgx5vmgqYiSDidLrmAwl6rE2soR4snxjs8zpfrvqUjM+gm6IKtsrj1iXmdswHo1gi lTviECaQvCTRrXjT1Mw6MTbcQqF/aMHZ7mLLzLqnSZbrjLmt9H2/PyagB8GxO2ZjwYlI NSuy8NdAnwpFOjUw0YrJC2sbY94VjtNDGo8GdRbprYFi72wVGUUrevdIo8tTqdHFi7Ag 1hWgdbKkV5pfRBDS0EQkKX0cEDOA/wObpoms2fFZl0eLoRok/XI7x5zYGfeJszX9l1eZ MG6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=epi6PXDrY2WyQ5n+MgqLkpzAnOTWSrwwc6LYt7I1OdY=; b=Z1QWi9QXAapkV2tjpT7y0mtzUzbMXai8bjVlNPEhl0YGwz+36gByC3ynI4CYs65IXf 6dNUs4aaCD7mKWjKkfzjOgss08aH6ioD8TlPifTd30Mf4pybxeh/aFyVb8wX4/mHOl9f HCRD1qNxJHPGrOdf+GLHH+LDv5XQJsjewQJTbWtIagcs3tg8p26QML7hS90sqYEpIbJU gAG79Vze3aNQ/Hmyq1k23ejDiPfGsXPnYlI/BRyg5uZ0kMXr4k9QCfA0EGXi+t75TWFc enLtWyUmGPv4dyJ1+tUonEIJpZCtda5Idu6D8lbdv73To6WgqtliX1iZfxCtxnllRY1i cPvg==
X-Gm-Message-State: AHYfb5gWg7ssU2bcuvs/BRm9QvlrOMNe44sD5hvYZPyuIqO0NMOp0KWM m5b5nAvyzMyfhWovD9X3b4itmA3/Zg==
X-Received: by 10.28.157.1 with SMTP id g1mr507948wme.111.1503442158312; Tue, 22 Aug 2017 15:49:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.21.81 with HTTP; Tue, 22 Aug 2017 15:49:17 -0700 (PDT)
In-Reply-To: <5ad2cc4718e2447b94b80cbb4a04dfef@XCH-ALN-010.cisco.com>
References: <alpine.LRH.2.21.1708162147570.26093@bofh.nohats.ca> <38865aa6100d491fb1beb120f72d4bda@XCH-RTP-006.cisco.com> <001701d31a89$3cf35ca0$b6da15e0$@gmail.com> <5ad2cc4718e2447b94b80cbb4a04dfef@XCH-ALN-010.cisco.com>
From: Vukasin Karadzic <vukasin.karadzic@gmail.com>
Date: Wed, 23 Aug 2017 00:49:17 +0200
Message-ID: <CAEQ8ZZdvRq4RJdnpZU6hXHGam2Yh0UaUVtyjwW6Vm1S0kutUpw@mail.gmail.com>
To: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
Cc: Valery Smyslov <svanru@gmail.com>, "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>, Paul Wouters <paul@nohats.ca>, "ipsec@ietf.org" <ipsec@ietf.org>
Content-Type: multipart/alternative; boundary="001a114ba76cc962b805575f6753"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/9NXQulzY0j5F4-Q20-FG0e7KAf4>
Subject: Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Aug 2017 22:51:51 -0000
Vukasin, > Any thoughts from an implementer's standpoint? Unfortunately no, no special thoughts. All proposed solution seem to be more or less simple to implement/add to existing implementation. In my humble opinion (I'm a GSoC student), the Valery Smyslov proposal is very clever. But I don't know whether it is "worth the trouble" doing that because of the one corner case we found. I would also point out that currently libreswan aborts the negotiation if it comes to this situation. Regards, Vukasin Karadzic
- [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Paul Wouters
- [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Tero Kivinen
- Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Scott Fluhrer (sfluhrer)
- Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Panos Kampanakis (pkampana)
- Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Paul Wouters
- Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Derrell Piper
- Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Graham Bartlett (grbartle)
- Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Valery Smyslov
- Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Panos Kampanakis (pkampana)
- Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Vukasin Karadzic
- Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Valery Smyslov
- Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Paul Wouters
- Re: [IPsec] draft-fluhrer-qr-ikev2 AUTH issue Panos Kampanakis (pkampana)