Re: [IPsec] Update and WGLC request [Re: I-D Action: draft-ietf-ipsecme-iptfs-02.txt]
Valery Smyslov <smyslov.ietf@gmail.com> Tue, 13 October 2020 13:43 UTC
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Christian Hopps' <chopps@chopps.org>
Cc: 'Lou Berger' <lberger@labn.net>, ipsec@ietf.org, ipsecme-chairs@ietf.org
Date: Tue, 13 Oct 2020 16:43:10 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/IUbjTMb2KItM6Ru-Tu9QbqbyiqA>
Hi Chris,

IPTFS is not always negotiated, as IKE is not always used. Supporting zero-conf IPTFS receive is very useful for supporting these non-IKE use-cases.

If you plan to use IPTFS without IKE, then make it clear in the draft that Zero-Conf is only applicable for these use cases and MUST NOT be used if IKE is employed. That will make me happy :-)

Regards,
Valery.

Thanks,
Chris.

If you badly need this feature, then please make it MAY and negotiable, so that people can ignore it. SHOULD is too strong for it, leaving it non-negotiable is just unacceptable, IMHO.

Regards,
Valery.

Thanks,
Lou

So, please, remove it.

2. It highlights that one must send payloads that carry inner packet fragments using consecutive ESP sequence numbered packets (with a caveat for all pad payload insertion).

That's useful clarification, thanks.

Regards,
Valery.

We feel the document is quite stable at this point and would thus like to ask for moving to WG Last Call.

Thanks,
Chris.

On Sep 30, 2020, at 12:25 PM, internet-drafts@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions WG of the IETF.

Title : IP Traffic Flow Security
Author : Christian Hopps
Filename : draft-ietf-ipsecme-iptfs-02.txt
Pages : 26
Date : 2020-09-30

Abstract:
This document describes a mechanism to enhance IPsec traffic flow security by adding traffic flow confidentiality to encrypted IP encapsulated traffic. Traffic flow confidentiality is provided by obscuring the size and frequency of IP traffic using a fixed-sized, constant-send-rate IPsec tunnel. The solution allows for congestion control as well.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-iptfs/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-ipsecme-iptfs-02
https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-iptfs-02

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-iptfs-02

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec