Re: [IPsec] Éric Vyncke's Discuss on draft-ietf-ipsecme-implicit-iv-07: (with DISCUSS and COMMENT)
Daniel Migault <daniel.migault@ericsson.com> Tue, 15 October 2019 17:51 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44B8B12010F; Tue, 15 Oct 2019 10:51:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.477
X-Spam-Level:
X-Spam-Status: No, score=-1.477 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.172, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6vw6s4EkogeK; Tue, 15 Oct 2019 10:51:47 -0700 (PDT)
Received: from mail-vk1-f180.google.com (mail-vk1-f180.google.com [209.85.221.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6480120020; Tue, 15 Oct 2019 10:51:46 -0700 (PDT)
Received: by mail-vk1-f180.google.com with SMTP id d126so4547447vkb.1; Tue, 15 Oct 2019 10:51:46 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ESw5QHGIqdDOjHDhdbfWI0MSciB36pLF3OJjchjHirg=; b=Gwq/x75qtn0BmEJFq/VHgiADtHEYgk117BfDzNw4JmvsPwBCrJqKaDs1S6td8d0UR5 Qa0Qkr68HGdM99o9FP7mB8djQm96hPIHQ5smTU7TkE2aYl5IPDifAdSIw18MwOq70nCp XiXYHqQ+Y43kLBfWK3BZnRWb1+6Te7ouE2uAlqqX9i8/+0VJ7Z2NMWhm4Q6cFTSM9UlI swwh2NFSN+bLyT4vii97UhYON1Qt6wwmAk8nrqsj92P66L9uSqxuj1L00fptmhtoiwGN UWavKsn1u0pGyfQldD9jzITXjWFWQ5xSAGBc/w1huy/yB9DUDI7PAmwFBJf1++yOj6CW LKuA==
X-Gm-Message-State: APjAAAW0zwgDmlwtrckKTCMUMCiO1bypnP9MvhHeV5MtoOGp1dNPMquS CzH079J8kNlyrydJ3RA2i0OENelDHIoNY23NhBo=
X-Google-Smtp-Source: APXvYqy9EaRp7FFXuYlody+rXfGFNeK79+X7oC+aLoIH0FqyY1dKpvpOwDtnw4iuZOO5S3X1ntl236Bn/Xs1mjzeXx4=
X-Received: by 2002:ac5:cdfa:: with SMTP id v26mr19666732vkn.30.1571161905175; Tue, 15 Oct 2019 10:51:45 -0700 (PDT)
MIME-Version: 1.0
References: <157077732068.29461.12498226831215806070.idtracker@ietfa.amsl.com> <581E79DB-B1B7-4177-B747-7B12CA4AA64A@gmail.com>
In-Reply-To: <581E79DB-B1B7-4177-B747-7B12CA4AA64A@gmail.com>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Tue, 15 Oct 2019 13:51:34 -0400
Message-ID: <CADZyTk=HBuCctMN5ctDB=OgaTmp9eV9kL23zX6KF=CTceMjcuQ@mail.gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Cc: Éric Vyncke <evyncke@cisco.com>, IPsecME WG <ipsec@ietf.org>, ipsecme-chairs@ietf.org, draft-ietf-ipsecme-implicit-iv@ietf.org, The IESG <iesg@ietf.org>, Tero Kivinen <kivinen@iki.fi>
Content-Type: multipart/alternative; boundary="0000000000003e218e0594f6a339"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/MusgqA0QO-zzM0ltguedGHHG8Qc>
Subject: Re: [IPsec] Éric Vyncke's Discuss on draft-ietf-ipsecme-implicit-iv-07: (with DISCUSS and COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2019 17:51:49 -0000
Hi Éric, Thanks for the review. Please find my response inline as well as the updated text: https://github.com/mglt/draft-mglt-ipsecme-implicit-iv/blob/master/draft-ietf-ipsecme-implicit-iv.txt We will probably publish the new version by tomorrow. Yours, Daniel On Fri, Oct 11, 2019 at 5:16 AM Yoav Nir <ynir.ietf@gmail.com> wrote: > Hi, Éric. Please see inline. > > > On 11 Oct 2019, at 10:02, Éric Vyncke via Datatracker <noreply@ietf.org> > wrote: > > > > Éric Vyncke has entered the following ballot position for > > draft-ietf-ipsecme-implicit-iv-07: Discuss > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-ipsecme-implicit-iv/ > > > > > > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > Thank you for the work put into this document. I am trusting the > security AD to > > check whether it is safe not to have a 'random' IV. > > I’m sure they will, but as an explanation, some algorithms require a > random IV. Examples are AES in CBC mode. Other algorithms do not require a > random IV, but do require a unique IV. The documents describing such > algorithms recommend using either a simple counter or an LFSR to generate > the IV. Examples are AES in counter mode and ChaCha20. Our draft specifies > IIV only for the latter kind of algorithms. > > > I have one trivial-to-fix > > DISCUSS and a couple of COMMENTs. > > > > It is also unclear at first sight whether the 'nonce' built from the > sequence > > number is actually the IIV. > > Although they use the same fields, the literature tends to call the random > kind an "Initialization Vector" and the must-not-repeat kind a “Nonce”. In > IPsec the field is called IV, so there is some confusion in the terms. > The current version tries to clarify that by being more consistent with the IPsec terminology - at least I hope so. This is correct that what IPsec calls nonce is also called IV in the literature. > > > > > Regards, > > > > -éric > > > > == DISCUSS == > > > > -- Section 1 -- > > D.1) Please use the RFC 8174 template ;) > > Right, our bad. This is probably because this document has been making > the rounds for over 3 years. Will fix. > > Fixed > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > == COMMENTS == > > -- Section 5 -- > > C.1) "inside the SA Payload" probably worth being a little more > descriptive > > here (for instance, "SA payload in the IKE exchange" ?). Also suggest > to use > > "IKE Initiator Behavior" for the section title. > > OK > Fixed > > > -- Section 8 -- > > C.2) please use the usual text for IANA considerations (notably asking > IANA to > > register as this is not this document that registers the codes). > > Yes, since we received early assignment I think we should go with the > “IANA has assigned the following values…” text, and leave a reminder that > the reference should be updated. > > Fixed > > > > == NITS == > > > > In several places, s/8 byte nonce/8-byte nonce/ > > Will fix. > > Fixed > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec >
- [IPsec] Éric Vyncke's Discuss on draft-ietf-ipsec… Éric Vyncke via Datatracker
- Re: [IPsec] Éric Vyncke's Discuss on draft-ietf-i… Yoav Nir
- Re: [IPsec] Éric Vyncke's Discuss on draft-ietf-i… Eric Vyncke (evyncke)
- Re: [IPsec] Éric Vyncke's Discuss on draft-ietf-i… Daniel Migault