IETF Logo Mail Archive

[IPsec] Issue #187, was: Re: Another round of IKEv2-bis issues

Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 08 April 2010 06:02 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 56D4C3A6889 for <ipsec@core3.amsl.com>; Wed, 7 Apr 2010 23:02:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y21L5OWp9G8R for <ipsec@core3.amsl.com>; Wed, 7 Apr 2010 23:02:22 -0700 (PDT)
Received: from mail-fx0-f213.google.com (mail-fx0-f213.google.com [209.85.220.213]) by core3.amsl.com (Postfix) with ESMTP id E52BB3A689C for <ipsec@ietf.org>; Wed, 7 Apr 2010 23:02:20 -0700 (PDT)
Received: by fxm5 with SMTP id 5so1827196fxm.29 for <ipsec@ietf.org>; Wed, 07 Apr 2010 23:02:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:from:to:cc :in-reply-to:references:content-type:date:message-id:mime-version :x-mailer:content-transfer-encoding; bh=bxoA22ZBm8X3RtiI7gRtv9lUs62YRUQdI6kepy/L+cY=; b=AFdVKIS/iN0bBM/94DR0rBUzv7lk/N+w+Q3B3W8f1FKJUPjSlY+x/17PLRDTmjYVzY ZkgOk7zzHb/Do5MvTnqhsl9Dk/vok14EshfYIqhuLJCnULM4rwh3S77Ee/b6WFPMoXV8 4C8GHNvlqcyLxO2Nh/WKYsnqlX3yWfTZ03dHg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:from:to:cc:in-reply-to:references:content-type:date :message-id:mime-version:x-mailer:content-transfer-encoding; b=EV4nlTPRctBzxYq/Z/82NBkh8ao2W8POaEuqet6bdGvMGimMXUoOo7XFOH3hq9tA8R MlGmyYKAUrTm6ZcJ0pphrtjvbY8YqtjrD2Jj2Xq3LVNbxGAlRq6O1AytIXsoSXzHO8SG tOorbpoUUZlK+THWgArFFgBMkgn2Od/5LJNt0=
Received: by 10.223.17.197 with SMTP id t5mr1407220faa.84.1270706534445; Wed, 07 Apr 2010 23:02:14 -0700 (PDT)
Received: from [192.168.2.102] (dslb-094-222-010-225.pools.arcor-ip.net [94.222.10.225]) by mx.google.com with ESMTPS id 14sm10028880fxm.5.2010.04.07.23.02.13 (version=TLSv1/SSLv3 cipher=RC4-MD5); Wed, 07 Apr 2010 23:02:14 -0700 (PDT)
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: Yoav Nir <ynir@checkpoint.com>
In-Reply-To: <006FEB08D9C6444AB014105C9AEB133FB37650C568@il-ex01.ad.checkpoint.com>
References: <006FEB08D9C6444AB014105C9AEB133FB37650C568@il-ex01.ad.checkpoint.com>
Content-Type: text/plain; charset="UTF-8"
Date: Thu, 08 Apr 2010 08:00:38 +0200
Message-ID: <1270706438.2422.9.camel@yaronf-linux>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.1
Content-Transfer-Encoding: 7bit
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, 'Paul Hoffman' <paul.hoffman@vpnc.org>
Subject: [IPsec] Issue #187, was: Re: Another round of IKEv2-bis issues
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Apr 2010 06:02:23 -0000

It's kind of weird to introduce EAP while avoiding any mention of EAP
methods. So I propose:

The Extensible Authentication Protocol Payload, denoted EAP in this
document, allows IKE SAs to be authenticated using the protocol
defined in RFC 3748 [EAP] and subsequent extensions to that protocol.
When using EAP, an appropriate EAP method needs to be selected. Many of these methods have been defined, specifying the protocol's use with various authentication mechanisms. They are listed in [EAP-IANA].
A short summary of the EAP format is included here for clarity.

Thanks,
	Yaron
> 
> 
> Issue #187 - EAP introduction wording
> =====================================
> The first paragraph of 3.16 now says: 
> 
> The Extensible Authentication Protocol Payload, denoted EAP in this document, allows IKE SAs to be authenticated using the protocol defined in RFC 3748 <xref target='EAP'/> and subsequent extensions to that protocol. The full set of acceptable values for the payload is defined elsewhere, but a short summary of RFC 3748 is included here to make this document stand alone in the common cases. 
> 
> Where is "defined elsewhere"? We should be specific. 
> 
> Also, we agreed to remove the short list of EAP methods, but we didn't fix the last phrase above. Suggested wording would be appreciated.  
> 
> 
> Even Tero didn't reply to this, so here's my suggested wording (I just removed the offending sentence:
>    The Extensible Authentication Protocol Payload, denoted EAP in this
>    document, allows IKE SAs to be authenticated using the protocol
>    defined in RFC 3748 [EAP] and subsequent extensions to that protocol.
>    A short summary of the EAP format is included here for clarity.
> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec

v2.23.0 | Report a Bug | By Email