Re: [IPsec] COMMENT: <draft-ietf-ipsecme-roadmap-09.txt>

"Frankel, Sheila E." <sheila.frankel@nist.gov> Fri, 13 August 2010 18:18 UTC

Return-Path: <sheila.frankel@nist.gov>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B0FAE3A67F3; Fri, 13 Aug 2010 11:18:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.995
X-Spam-Level:
X-Spam-Status: No, score=-5.995 tagged_above=-999 required=5 tests=[AWL=0.603, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A0+tf9dlpALZ; Fri, 13 Aug 2010 11:18:33 -0700 (PDT)
Received: from smtp.nist.gov (rimp2.nist.gov [129.6.16.227]) by core3.amsl.com (Postfix) with ESMTP id 5C7873A6833; Fri, 13 Aug 2010 11:18:33 -0700 (PDT)
Received: from WSXGHUB1.xchange.nist.gov (WSXGHUB1.xchange.nist.gov [129.6.18.96]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id o7DIIv2O012043; Fri, 13 Aug 2010 14:18:57 -0400
Received: from MBCLUSTER.xchange.nist.gov ([fe80::d479:3188:aec0:cb66]) by WSXGHUB1.xchange.nist.gov ([129.6.18.96]) with mapi; Fri, 13 Aug 2010 14:18:57 -0400
From: "Frankel, Sheila E." <sheila.frankel@nist.gov>
To: "Polk, William T." <william.polk@nist.gov>, "iesg@ietf.org" <iesg@ietf.org>, Sean Turner <turners@ieca.com>
Date: Fri, 13 Aug 2010 14:18:37 -0400
Thread-Topic: COMMENT: <draft-ietf-ipsecme-roadmap-09.txt>
Thread-Index: Acs6I3ExJISmMnP8QKurchfMIeLZCwA75oVE
Message-ID: <D7A0423E5E193F40BE6E94126930C49307AE825961@MBCLUSTER.xchange.nist.gov>
References: <20100812133607.23681.71079.idtracker@localhost>
In-Reply-To: <20100812133607.23681.71079.idtracker@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: sheila.frankel@nist.gov
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, "ipsecme-chairs@tools.ietf.org" <ipsecme-chairs@tools.ietf.org>, "suresh.krishnan@ericsson.com" <suresh.krishnan@ericsson.com>
Subject: Re: [IPsec] COMMENT: <draft-ietf-ipsecme-roadmap-09.txt>
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Aug 2010 18:18:34 -0000

We just submitted an updated version (-10) of the IPsec/IKE Roadmap doc. 
In accordance with Sean's recommendations, we addressed Tim Polk's comments as follows:

> Comment:
> (1) I understand that this is a forklift upgrade for RFC 2411, so the usual 
> "Changes Since ..." section would not be helpful.  However, this document 
> has a very similar title and does obsolete 2411 if approved.  Perhaps a few
> sentences in the intro to describe that relationship would be useful!

The original intro includes:
   This document is a snapshot of IPsec- and IKE-related RFCs.  It
   includes a brief description of each RFC, along with background
   information explaining the motivation and context of IPsec's
   outgrowths and extensions.  It obsoletes the previous IPsec Document
   Roadmap [RFC2411].

Added the following:
   The obsoleted IPsec roadmap [RFC2411] briefly described the
   interrelationship of the various classes of base IPsec documents.
   The major focus of [RFC2411] was to specify the recommended contents
   of documents specifying additional encryption and authentication
   algorithms.

> (2) RFC 5282 should be added to the list of base documents in section 
> 4.1.2, IKEv2.  As noted in section 5.4, 5282 added the capability to negotiate
> combined mode algorithms to IKEv2.

IKEv2 already has the capability to negotiate combined mode algs for use 
in ESP/AH. RFC 5282 adds the capability to use combined mode algs for 
IKEv2's own traffic. This is one of a number of add-ons; it is not part 
of the base IKEv2. 

> (3) Section 5.4.3 is misplaced.  GMAC is an Integrity protection algorithm 
> and should appear in section 5.3. This will necessitate forward pointers 
> to section 5.4, since it is based on a combined mode algorithm, but it does 
> not fit with the other algorithms in 5.4 which are providing both encryption 
> and integrity-protection.

As stated in Section 5.4.3, GMAC has 2 versions: an integrity protection 
alg for AH, and a combined mode alg with null enc for ESP. We chose to 
place it with the combined mode algs, but mentioned it in Section 5.3 
(the intro section for integrity protection algs).

> (4) In section 5.2.1, last sentence of the first paragraph:
>                                                                               
> This number (the value 11 for ESP_NULL) is found on the IANA registries 
> for both IKEv1 and IKEv2, but it is not mentioned in this RFC.
> 
> "this RFC" is ambiguous - I gather the authors meant RFC 2410 (since the
> value is clearly mentioned in *this* RFC).  I suggest:
> 
> s/this RFC/[RFC2410]/

DONE

Sheila and Suresh
____________________________________
From: Sean Turner [turners@ieca.com]
Sent: Thursday, August 12, 2010 12:15 PM
To: draft-ietf-ipsecme-roadmap@tools.ietf.org
Cc: ipsecme-chairs@tools.ietf.org
Subject: Re: COMMENT: <draft-ietf-ipsecme-roadmap-09.txt>

The state of this document is now "Approved: point raised - write up
needed".

I'd like the authors to generate a new version that address #1 and #4.

I don't think we should do #2 or #3.  They are comments not discusses
so we don't have to get him to agree to us not doing them.

I'll be watching for the new version.

spt