Re: [IPsec] Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Thu, 01 December 2022 10:41 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Valery Smyslov <svan@elvis.ru>, 'The IESG' <iesg@ietf.org>
CC: "draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org" <draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org>, "ipsecme-chairs@ietf.org" <ipsecme-chairs@ietf.org>, "ipsec@ietf.org" <ipsec@ietf.org>, "kivinen@iki.fi" <kivinen@iki.fi>, "charliep@computer.org" <charliep@computer.org>, "gih@apnic.net" <gih@apnic.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/BaJgs4ceuKNfj2xXZFcKQzqkZ4Y>
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>

Hello Valery,

Thanks for your suggested text for the abstract, may I suggest a little more concise (albeit less precise) text for the 2nd paragraph (up to the authors of course):

            The primary application of this feature in IKEv2 is the ability to perform one or more 
            post-quantum key exchanges in conjunction with the classical key exchange,
            so that the resulting shared key is resistant against quantum computer attacks.
            Since there is currently no post-quantum key exchange that is against conventional (non-quantum)
            adversaries, performing multiple key exchanges with different post-quantum algorithms along
            with the classical key exchange algorithms addresses this concern, since the
            overall security is at least as strong as each individual primitive.

Hope this helps

-éric


On 30/11/2022, 08:48, "iesg on behalf of Valery Smyslov" <iesg-bounces@ietf.org on behalf of svan@elvis.ru> wrote:

    Hi Éric,

    > Hello Valery,
    > 
    > TL;DR:  Thanks for your reply and your comments. I agree with them ;-)
    > 
    > If you want a more detailed reply, then look for EV> below

    OK, I snipped the text where we have an agreement.

    > Regards
    > 
    > -éric

    [snipped]

    >     > The bullet 2) is a nice explanation about *why* there must be multiple key
    >     > exchanges with different methods. Until reading that part, I was really
    >     > wondering why this I-D was about the link with PQC and multiple key exchanges.
    >     > Should this be mentioned in the abstract already ?
    > 
    >     I don't mind, but as far as I know, IESG wants abstract to be short :-)
    >     If you (and other ADs) think it's a good idea, then we'll add this text.
    > 
    > EV> I know about short abstract, but they should also give an idea of the content & purpose

    If it is OK with the IESG we'll extend the abstract with this text. It will look like:

            This document describes how to extend the Internet Key Exchange Protocol
            Version 2 (IKEv2) to allow multiple key exchanges to take place 
            while computing a shared secret during a Security Association (SA) setup.

            The primary application of this feature in IKEv2 is the ability to perform one or more 
            post-quantum key exchanges in conjunction with the classical (Elliptic Curve) Diffie-Hellman (EC)DH key exchange,
            so that the resulting shared key is resistant against quantum computer attacks.
            Since there is currently no post-quantum key exchange that is trusted at
            the level that (EC)DH is trusted for against conventional (non-quantum)
            adversaries, performing multiple key exchanges with different post-quantum algorithms along
            with the well-established classical key exchange algorithms addresses this concern, since the
            overall security is at least as strong as each individual primitive.

            Another possible application for this extension is the ability to combine several key exchanges 
            in situations when no single key exchange algorithm is trusted by both initiator and responder.

            This document updates RFC7296 by renaming a transform type 4 from "Diffie-Hellman Group (D-H)"
            to "Key Exchange Method (KE)" and renaming a field in the Key Exchange Payload from "Diffie-Hellman Group Num"
            to "Key Exchange Method". It also renames an IANA registry for this transform type 
            from "Transform Type 4 - Diffie-Hellman Group Transform IDs" to 
            "Transform Type 4 - Key Exchange Method Transform IDs". These changes generalize 
            key exchange algorithms that can be used in IKEv2.

    Hope it's now clear and not *too* long :-)

    >     > Should "FIPS" be prefixed by "USA" as in "USA FIPS" ?
    > 
    >     I don't know, rely on my co-authors (actually it seems that
    >     this is a well-known organization outside USA, but formally you are right).
    > 
    > EV> I live in a Federal state as well (Belgium), so while I understand that FIPS stands for the USA one, let's
    > be inclusive. Up to you and the authors.

    No problem, will change the text to:

            USA Federal Information Processing Standards (FIPS) compliance.  IPsec is widely used in Federal Information
            Systems and FIPS certification is an important requirement.
            However, at the time of writing, none of the algorithms that is believed
            to be post-quantum is FIPS compliant yet.  Nonetheless, it is possible to combine
            this post-quantum algorithm with a FIPS compliant key establishment method so that
            the overall design remains FIPS compliant [NISTPQCFAQ].

    Is it OK that prefix "USA" is added once and not to every appearance of "FIPS" ?

    The updated PR is available at:
     https://github.com/post-quantum/ietf-pq-ikev2/pull/22

    Regards,
    Valery.

    >     > ## Notes
    >     >
    >     > This review is in the ["IETF Comments" Markdown format][ICMF], You can use the
    >     > [`ietf-comments` tool][ICT] to automatically convert this review into
    >     > individual GitHub issues.
    >     >
    >     > [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
    >     > [ICT]: https://github.com/mnot/ietf-comments
    >     >
    > 
    >