Re: [IPsec] Update and WGLC request [Re: I-D Action: draft-ietf-ipsecme-iptfs-02.txt]

Valery Smyslov <smyslov.ietf@gmail.com> Tue, 13 October 2020 13:43 UTC

From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Christian Hopps' <chopps@chopps.org>
Cc: 'Lou Berger' <lberger@labn.net>, ipsec@ietf.org, ipsecme-chairs@ietf.org
Date: Tue, 13 Oct 2020 16:43:10 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/IUbjTMb2KItM6Ru-Tu9QbqbyiqA>
Subject: Re: [IPsec] Update and WGLC request [Re: I-D Action: draft-ietf-ipsecme-iptfs-02.txt]

Hi Chris,

IPTFS is not always negotiated, as IKE is not always used. Supporting zero-conf IPTFS receive is very useful for supporting these
non-IKE use-cases.

          If you plan to use IPTFS without IKE, then make it clear in the draft that
          Zero-Conf is only applicable for these use cases and MUST NOT be used
          if IKE is employed. That will make me happy :-)

          Regards,
          Valery.

Thanks,

Chris.






If you badly need this feature, then please make it MAY and negotiable,
so that people can ignore it. SHOULD is too strong for it,
leaving it non-negotiable is just unacceptable, IMHO.

Regards,
Valery.




Thanks,

Lou




So, please, remove it.




2. It highlights that one must send payloads that carry inner packet fragments using consecutive ESP
sequence numbered packets (with a caveat for all pad payload insertion).

That's useful clarification, thanks.

Regards,
Valery.




We feel the document is quite stable at this point and would thus like to ask for moving to WG Last Call.

Thanks,
Chris.




On Sep 30, 2020, at 12:25 PM, internet-drafts@ietf.org wrote:


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions WG of the IETF.

       Title           : IP Traffic Flow Security
       Author          : Christian Hopps
       Filename        : draft-ietf-ipsecme-iptfs-02.txt
       Pages           : 26
       Date            : 2020-09-30

Abstract:
  This document describes a mechanism to enhance IPsec traffic flow
  security by adding traffic flow confidentiality to encrypted IP
  encapsulated traffic.  Traffic flow confidentiality is provided by
  obscuring the size and frequency of IP traffic using a fixed-sized,
  constant-send-rate IPsec tunnel.  The solution allows for congestion
  control as well.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-iptfs/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-ipsecme-iptfs-02
https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-iptfs-02

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-iptfs-02


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

