Re: [IPsec] Update and WGLC request [Re: I-D Action: draft-ietf-ipsecme-iptfs-02.txt]

Valery Smyslov <smyslov.ietf@gmail.com> Tue, 13 October 2020 14:37 UTC

From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Lou Berger' <lberger@labn.net>, 'Christian Hopps' <chopps@chopps.org>, ipsec@ietf.org
Cc: ipsecme-chairs@ietf.org
Date: Tue, 13 Oct 2020 17:37:50 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/I_-5ro03q4fTBInwNrWFFjr3zPU>

Valery,

How about this:

OLD
   Receive-side operation of IP-TFS does not require any per-SA
   configuration on the receiver; as such, an IP-TFS implementation
   SHOULD support the option of switching to IP-TFS receive-side
   operation on receipt of the first IP-TFS payload.

NEW
   Receive-side operation of IP-TFS does not require any per-SA
   configuration on the receiver; as such, for tunnels created 
   without IKE, an IP-TFS implementation
   SHOULD support the option of switching to IP-TFS receive-side
   operation on receipt of the first IP-TFS payload for tunnels.

I can live with MAY, but would prefer SHOULD.

Does this work for you?

              Yes, with the following addition.
 
   Receive-side operation of IP-TFS does not require any per-SA
   configuration on the receiver; as such, for tunnels created 
   without IKE, an IP-TFS implementation
   SHOULD support the option of switching to IP-TFS receive-side
   operation on receipt of the first IP-TFS payload for tunnels.
   If IKE is used to negotiate using IP-TFS, then such switching
   MUST NOT take place.

              With this addition I don’t mind having SHOULD for the IKE-less case.
 
              Regards,
              Valery.
              
Lou
 

On 10/13/2020 10:06 AM, Valery Smyslov wrote:

I can live with MAY.

 
OK, but it must be negotiable in any case if you plan to use it with IKE.
Otherwise we'll get black holes.
 

On 10/13/2020 9:16 AM, Valery Smyslov wrote:

If you badly need this feature, then please make it MAY and negotiable,
so that people can ignore it. SHOULD is too strong for it,
leaving it non-negotiable is just unacceptable, IMHO.

 