Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft

Tero Kivinen <kivinen@iki.fi> Sun, 10 May 2020 11:20 UTC

Benjamin Kaduk writes:
> Sorry! I think that the current charter allows us to do an 8229bis
> without additional rechartering.

Good.

I myself think it is better to do bis documents than just
clarification guidelines, as splitting things into multiple documents
does make things harder to implement.

Also I think that currently everything in the draft is really a
clarification to the original document, i.e. something that the
original document should have already said more clearly, and in some
cases there are new rules to be added to the processing of the
packets.

There are no real implementation guidelines in the current draft,
i.e., something that would say something like "when doing xxx, it is
often a good idea to do yyy also", or "to implement zzz, an algorithm
like aaa is good, but others can also be used". I.e., cases where there
are multiple ways of doing the same thing, and any of them can be used,
but some of them have been found to be better than others.

Because of this I think it would be quite natural to start making the
bis document instead of a clarification document if the authors are
willing to work on such a draft too...
-- 
kivinen@iki.fi