Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes
<mohamed.boucadair@orange.com> Tue, 30 April 2019 14:06 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 297741200D5 for <ipsec@ietfa.amsl.com>; Tue, 30 Apr 2019 07:06:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mM4EWlAveMfm for <ipsec@ietfa.amsl.com>; Tue, 30 Apr 2019 07:06:04 -0700 (PDT)
Received: from orange.com (mta136.mail.business.static.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B4F31200B6 for <ipsec@ietf.org>; Tue, 30 Apr 2019 07:06:04 -0700 (PDT)
Received: from opfednr05.francetelecom.fr (unknown [xx.xx.xx.69]) by opfednr26.francetelecom.fr (ESMTP service) with ESMTP id 44tjx63CNXz10d2; Tue, 30 Apr 2019 16:06:02 +0200 (CEST)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.104]) by opfednr05.francetelecom.fr (ESMTP service) with ESMTP id 44tjx62M0PzyQW; Tue, 30 Apr 2019 16:06:02 +0200 (CEST)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM5F.corporate.adroot.infra.ftgroup ([fe80::193b:bc32:1ad3:362d%21]) with mapi id 14.03.0439.000; Tue, 30 Apr 2019 16:06:02 +0200
From: mohamed.boucadair@orange.com
To: Paul Wouters <paul@nohats.ca>
CC: "ipsec@ietf.org" <ipsec@ietf.org>
Thread-Topic: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes
Thread-Index: AQHU/qYb3HfUY8UNAEyhkEccw2niI6ZUOIFAgABdCwCAACGpIA==
Date: Tue, 30 Apr 2019 14:06:01 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302EA67EB7@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <23734.7331.402882.289451@fireball.acr.fi> <01b201d4f4f1$e617eb90$b247c2b0$@gmail.com> <636D1D4B-3E3F-47F1-B64C-A266BF871010@nohats.ca> <787AE7BB302AE849A7480A190F8B93302EA67B69@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <alpine.LRH.2.21.1904300938050.17071@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.21.1904300938050.17071@bofh.nohats.ca>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/TbWGklB9lRqZoDNIc4IsfjSSsxw>
Subject: Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2019 14:06:09 -0000
Re-, Please see inline. Cheers, Med > -----Message d'origine----- > De : Paul Wouters [mailto:paul@nohats.ca] > Envoyé : mardi 30 avril 2019 15:40 > À : BOUCADAIR Mohamed TGI/OLN > Cc : ipsec@ietf.org > Objet : RE: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes > > On Tue, 30 Apr 2019, mohamed.boucadair@orange.com wrote: > > > The responder does not know if the initiator is dual-stack or not. For > example, an initiator can be instructed by policy to make use of separate > requests. > > Why would the initiator that is allowed by policy to do both v4 and v6 > not ask for both at once? [Med] I do fully agree that requesting both when supported would be straightforward, but I'm afraid that some implementations may not follow that behavior. Such implementations may do that: * for arbitrary reasons given that existing specs do not forbid such separate requests. * or, in some contexts such cellular devices, mimic a similar behavior for requesting separate PDP contexts instead of a dual-stack one. FWIW, this is exactly why we use this wording in the draft: If the initiator is dual-stack, it MUST include both address families in its request (absent explicit policy/configuration otherwise). > > I don't see the "use of separate requests" as a real use case. Can you > explain how this would actually happen in a real world? [Med] See the cases above. There is also the case of a responder that wants (for policy reasons) requests to be made as separate IKE SAs. For this case, requests will need to be done separately. > > Paul
- [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Tero Kivinen
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Valery Smyslov
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Valery Smyslov
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes mohamed.boucadair
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Valery Smyslov
- Re: [IPsec] Draft-ietf-ipsecme-ipv6-ipv4-codes Paul Wouters