Re: [IPsec] New draft on IKE Diffie-Hellman checks

Tero Kivinen <kivinen@iki.fi> Fri, 21 December 2012 10:01 UTC

To: Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: IPsecme WG <ipsec@ietf.org>, Johannes Merkle <johannes.merkle@secunet.com>, Dan Harkins <dharkins@lounge.org>, "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>

Yaron Sheffer writes:
> note that this discussion is still a bit tentative, as we are working 
> with Sean to add the "DH checks" draft into our charter. But anyway...
> 
> For formal reasons, I would like to avoid a dependency from "DH Checks" 
> on Brainpool. So the better option is #2: have Brainpool I-Ds refer to 
> our I-D in their IANA Considerations.

Oops, I misread the previous comment. I meant that the new Brainpool
etc. drafts should have a normative reference to the DH checks draft, not
the other way around. There is no need to change the DH checks draft
to include a reference to the new drafts, as that would lock those two
drafts together; neither can go forward without the other. The
Brainpool draft can just write in its IANA considerations section that
this document adds these groups, and these are the checks that need
to be done for them (i.e. what to put in the DH checks column etc.).

So I agree with Yaron about this...
-- 
kivinen@iki.fi