Re: [IPsec] [Lwip] Paul Wouters' Discuss on draft-ietf-lwig-minimal-esp-08: (with DISCUSS and COMMENT)

Paul Wouters <paul.wouters@aiven.io> Mon, 18 July 2022 19:31 UTC

Date: Mon, 18 Jul 2022 15:31:08 -0400
From: Paul Wouters <paul.wouters@aiven.io>
To: Daniel Migault <mglt.ietf@gmail.com>
cc: Paul Wouters <paul.wouters@aiven.io>, The IESG <iesg@ietf.org>, lwip@ietf.org, Mohit Sethi <mohit.m.sethi@ericsson.com>, draft-ietf-lwig-minimal-esp@ietf.org, lwig-chairs@ietf.org, IPsecME WG <ipsec@ietf.org>
In-Reply-To: <CADZyTkkw1h9F9pDrAYgQDOQ-BCwiezocMba4H3WUh9qvavmRYA@mail.gmail.com>
Message-ID: <c07734f1-e33c-5aa6-92fd-24938298f3ba@nohats.ca>
References: <164919648646.8778.6947253487684946962@ietfa.amsl.com> <CADZyTkkdXs8tJu_J5M_Yb-VC2SbSECLen_igUrGVGtrNFng6QA@mail.gmail.com> <CAGL5yWb5oaridQzFdxoWQdieNxDb=pOB_5sMCBM+HdgCsn_NeA@mail.gmail.com> <CADZyTkk616G+U5323wBXhR35K=FojD2+V_L5UEv-=6Xzz-A4Tw@mail.gmail.com> <CADZyTkkw1h9F9pDrAYgQDOQ-BCwiezocMba4H3WUh9qvavmRYA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/O8knmKzyBPKnsRgHyJOHygMdW24>
Subject: Re: [IPsec] [Lwip] Paul Wouters' Discuss on draft-ietf-lwig-minimal-esp-08: (with DISCUSS and COMMENT)

On Mon, 18 Jul 2022, Daniel Migault wrote:

> My reading of the datatracker is that the document has been in IESG Evaluation::AD Followup for 117 days. I do not see any follow-up to the following email from
> May 25 with the latest changes and believe all concerns have been addressed. I am wondering what prevents the document from being sent to the RFC queue
> and if there is anything expected from my side.

See my last email to you:

 	Date: Tue, 24 May 2022 11:27:28
 	From: Paul Wouters <paul@nohats.ca>
 	To: Daniel Migault <mglt.ietf@gmail.com>
 	Subject: draft-ietf-lwig-minimal-esp


 	Hi Daniel,

 	Just a reminder that draft-ietf-lwig-minimal-esp is waiting on actions
 	on your end to resolve the DISCUSS items. While discussing in github is
 	useful, in the end the changes do need to go into a new draft version
 	for the DISCUSS holders to evaluate them.

 	I think the biggest unresolved issue is the SPI one with using just a
 	few bytes and the "indexing" that I still do not understand.

 	Paul


The limited SPI numbers and rekeying is still not clear to me.
We exchanged a few emails but that did not result in me understanding
this.

The sequence number discussion mentions the issue of packets falling
out of the receive window. We talked about an IKE option/notify to
signal this, and during that discussion it also came to light that this
protocol is going to be used without IKEv2. This leaves an
interoperability issue unaddressed.

And since this protocol is also meant to run without IKEv2, there is
an issue with only recommending AEAD algorithms that rely on IKEv2 for
their security properties.

Section 6 talks about Dummy packets, but the labeling of the header
is a bit misleading, as it suggests that the Next Header behaviour is
modified. I had suggested that the section be renamed.

> Please find my response to your comments. The current version of the file integrates the language changes as well as changes to address the concerns
> of this thread:
> 
> https://github.com/mglt/draft-mglt-lwig-minimal-esp/commit/d7710c19802bdce4c978d71ad303b739e1406f1e

We ended up discussing this in email, but that did not end in my
understanding. Also, the above commit did not actually make it
into the draft yet. It is very hard as AD to keep track of changes
that are not in the actual datatracker.

Paul