[IPsec] TR: I-D Action: draft-ietf-ipsecme-ipv6-ipv4-codes-02.txt
Tero Kivinen <kivinen@iki.fi> Tue, 29 January 2019 14:21 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BF2612F18C for <ipsec@ietfa.amsl.com>; Tue, 29 Jan 2019 06:21:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.421
X-Spam-Level:
X-Spam-Status: No, score=-3.421 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_NEUTRAL=0.779] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MEBT54Zv4JMG for <ipsec@ietfa.amsl.com>; Tue, 29 Jan 2019 06:21:31 -0800 (PST)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9952712D7EA for <ipsec@ietf.org>; Tue, 29 Jan 2019 06:21:30 -0800 (PST)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id x0TELQqI025471 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 29 Jan 2019 16:21:26 +0200 (EET)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id x0TELQvE021032; Tue, 29 Jan 2019 16:21:26 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <23632.24934.655381.307535@fireball.acr.fi>
Date: Tue, 29 Jan 2019 16:21:26 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: mohamed.boucadair@orange.com
Cc: IPsecME WG <ipsec@ietf.org>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302E04234B@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <154168245580.31150.9462703520955536832@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93302E04234B@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd)
X-Edit-Time: 15 min
X-Total-Time: 22 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/T-ugZFrUb3R8xcbn3M7uO7P449Q>
Subject: [IPsec] TR: I-D Action: draft-ietf-ipsecme-ipv6-ipv4-codes-02.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jan 2019 14:21:34 -0000
mohamed.boucadair@orange.com writes: > First of all, I'd like to thank all those of you who commented > during the ipsecme meeting on this draft. This is exactly the > feedback I was looking for. > > The message I got from the WG after watching the recording is to > reduce the number of requested codes which I did in -02. This is > almost close to what is suggested by Valery and Tero. I hope that > this issue is now closed. Sorry, for taking this long to come back to this, but I think it is still too complicated. We have following cases: 1) Initiator only supports/wants one address family, and it requests it. If responder supports that address family it will give address from that address family. If it also supports another family it may return ADDITIONAL_ADDRESS_FAMILY_POSSIBLE too. If responder does not support address family requested it will return INTERNAL_ADDRESS_FAILURE (and perhaps include ADDITIONAL_ADDRESS_FAMILY_POSSIBLE if request would succeed with another address family). 2) Initiator is dual stack and requests both address families. If responder support both in same IKE SA, it will return address for both. If it only supports one at time then it returns address for that and include ADDITIONAL_ADDRESS_FAMILY_POSSIBLE to indicate that making another IKE SA will allow asking another set addresses. Also I do not think making it MUST to include those notifications is something we want to do here. I think the responder MAY include them if it feels like, but of course 3gpp can then make their own requirements that this feature must be supported there... I.e., ADDITIONAL_ADDRESS_FAMILY_POSSIBLE status notification indicates that regardless whether your request succeeded or failed, the responder would support another address family than what you asked (if request failed), or what was returned (if request succeeded). As addresses are part of the IKE SA, I guess that if initiator asks for both, but do get only one of them and also got status of ADDITIONAL_ADDRESS_FAMILY_POSSIBLE, then it needs to make new IKE SA and request that another address family in that another IKE SA. -- kivinen@iki.fi
- [IPsec] I-D Action: draft-ietf-ipsecme-ipv6-ipv4-… internet-drafts
- [IPsec] TR: I-D Action: draft-ietf-ipsecme-ipv6-i… mohamed.boucadair
- [IPsec] TR: I-D Action: draft-ietf-ipsecme-ipv6-i… Tero Kivinen
- Re: [IPsec] TR: I-D Action: draft-ietf-ipsecme-ip… mohamed.boucadair
- Re: [IPsec] TR: I-D Action: draft-ietf-ipsecme-ip… Tero Kivinen
- Re: [IPsec] TR: I-D Action: draft-ietf-ipsecme-ip… mohamed.boucadair
- Re: [IPsec] TR: I-D Action: draft-ietf-ipsecme-ip… Tero Kivinen
- Re: [IPsec] TR: I-D Action: draft-ietf-ipsecme-ip… mohamed.boucadair
- Re: [IPsec] TR: I-D Action: draft-ietf-ipsecme-ip… mohamed.boucadair