IETF Logo Mail Archive

Re: [IPsec] Ben Campbell's Yes on draft-ietf-ipsecme-rfc7321bis-05: (with COMMENT)

"Ben Campbell" <ben@nostrum.com> Thu, 16 March 2017 17:55 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F394129584; Thu, 16 Mar 2017 10:55:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.881
X-Spam-Level:
X-Spam-Status: No, score=-1.881 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 44m0Cty-3F9z; Thu, 16 Mar 2017 10:55:33 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B22FB129704; Thu, 16 Mar 2017 10:55:33 -0700 (PDT)
Received: from [10.0.1.39] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v2GHtWcN074842 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 16 Mar 2017 12:55:32 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.39]
From: Ben Campbell <ben@nostrum.com>
To: Paul Wouters <paul@nohats.ca>
Cc: The IESG <iesg@ietf.org>, draft-ietf-ipsecme-rfc7321bis@ietf.org, ipsec@ietf.org, ipsecme-chairs@ietf.org, david.waltermire@nist.gov
Date: Thu, 16 Mar 2017 12:55:31 -0500
Message-ID: <FC42939E-300F-4F17-A365-9653E9A2B2AA@nostrum.com>
In-Reply-To: <alpine.LRH.2.20.999.1703161300150.32675@bofh.nohats.ca>
References: <148962889979.14189.965850110922865986.idtracker@ietfa.amsl.com> <alpine.LRH.2.20.999.1703161300150.32675@bofh.nohats.ca>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.6r5347)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/OwjNoLf9-pIEuaeAsKjdP96ZEuM>
Subject: Re: [IPsec] Ben Campbell's Yes on draft-ietf-ipsecme-rfc7321bis-05: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2017 17:55:35 -0000

Thansk for the response. This resolves all but one of my comments, where 
I still have a question:

On 16 Mar 2017, at 12:07, Paul Wouters wrote:

> On Wed, 15 Mar 2017, Ben Campbell wrote:

[...]

>
>
> First paragraph under the table:
>
>    AUTH_NONE has been downgraded from MAY in RFC7321 to MUST NOT.  The
>    only reason NULL is acceptable is when authenticated encryption
>    algorithms are selected from Section 5.  In all other cases, NULL
>    MUST NOT be selected.

So does the authenticated encryption case make AUTH_NONE a MUST? If so, 
it would help to add something along the lines of "..., in which case 
AUTH_NONE MUST be selected."  to the 2nd sentence.

>
> Paul

v2.23.0 | Report a Bug | By Email