Re: [IPsec] AD re-review of draft-ietf-ipsecme-ad-vpn-problem
Vishwas Manral <vishwas.ietf@gmail.com> Wed, 22 May 2013 02:09 UTC
Hi Paul,

I will try to get this done around the first week of June. I am currently travelling till the end of the week.

Thanks,
Vishwas

On Tue, May 21, 2013 at 6:57 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> Document authors: when might we have the update so Sean can move this forwards? We are gated on this before we solicit AD-VPN protocols.
>
> --Paul Hoffman
>
> On Apr 30, 2013, at 7:52 AM, Sean Turner <turners@ieca.com> wrote:
>
> > Please incorporate the QoS issue brought up by Toby. I'd like to make sure we have everything in the draft that the WG wants before issuing the WGLC. I also think the TSV/RTG directorates/ADs will be interested in that.
> >
> > Can you explain the rationale for the following changes to requirement #5; I'm just not following it:
> >
> > OLD:
> >
> > 5. One ADVPN peer MUST NOT be able to impersonate another ADVPN peer.
> >
> > NEW:
> >
> > 5. Any of the ADVPN Peers MUST NOT have a way to get the long term authentication credentials for any other ADVPN Peers. The compromise of an Endpoint MUST NOT affect the security of communications between other ADVPN Peers. The compromise of a Gateway SHOULD NOT affect the security of the communications between ADVPN Peers not associated with that Gateway.
> >
> > Is the first sentence still saying basically: "peers can't impersonate peers"?
> >
> > Nits:
> >
> > - sec 1.1: Need to add what an ADVPN is and expand the acronym
> >
> > - sec 4/1.1: The terms allied and federated environment kind of come out of nowhere. Please add them to s1.1. I just want to make sure it's clear what the difference is between the two.