Re: [IPsec] RFC4307 & ENCR_NULL & USGv6 profile & Roadmap document

Paul Hoffman <paul.hoffman@vpnc.org> Wed, 21 October 2009 19:50 UTC

To: "Frankel, Sheila E." <sheila.frankel@nist.gov>, Tero Kivinen <kivinen@iki.fi>, "ipsec@ietf.org" <ipsec@ietf.org>

Looking through the archives for the IPsec WG (the predecessor to this one), Tero's interpretation is probably closer to what happened than Sheila's. It is unfortunate that both Sheila and Tero use the word "clearly" when talking about RFC 4307; the archive would strongly indicate that it is inappropriate to use that word when discussing RFC 4307.

We need to remember that the flight of documents coming out of the original WG included both RFC 4305 and RFC 4307. There was some sloppy cross-over of requirements due to a poor split late in the process. However, the WG seems to have wanted to have two different sets of requirements, one for IKEv2 crypto, and one for AH/ESP crypto. This is what makes me think that Tero's interpretation is closer to what happened, regardless of what words were (possibly inappropriately) left in RFC 4307 at the point that the WG became exhausted.

--Paul Hoffman, Director
--VPN Consortium