Re: [IPsec] WESP - Roadmap Ahead

Jack Kohn <kohn.jack@gmail.com> Thu, 12 November 2009 04:29 UTC

Date: Thu, 12 Nov 2009 10:00:11 +0530
From: Jack Kohn <kohn.jack@gmail.com>
To: Stephen Kent <kent@bbn.com>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>, Merike Kaeo <merike@doubleshotsecurity.com>
Subject: Re: [IPsec] WESP - Roadmap Ahead

>
> Whoops, I was wrong. I looked at 4552 and they do cite ESP-NULL (although
> they never refer to it that way) as a MUST, and AH as a MAY.

Ok, so can we work on deprecating AH? This way new standards defined
in other WGs don't have to provide support for AH.

Jack

>
> I probably was confused because the authors did not understand the IPsec
> model as per RFC 4301, when I sat down and talked with them over 3 years
> ago, with Sam Hartman in his SEC AD role. I am amazed that, in the final
> analysis, they did try to adhere to the 4301 model (see section 11)!
>
> I don't know if any other apps have done what I thought (erroneously) had
> been done here.
>
> Steve
>
>