Re: [IPsec] Ben Campbell's Yes on draft-ietf-ipsecme-rfc7321bis-05: (with COMMENT)

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Thu, 16 March 2017 17:14 UTC

From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: "ipsec@ietf.org" <ipsec@ietf.org>
CC: "paul@nohats.ca" <paul@nohats.ca>, Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org>, "ipsecme-chairs@ietf.org" <ipsecme-chairs@ietf.org>, "draft-ietf-ipsecme-rfc7321bis@ietf.org" <draft-ietf-ipsecme-rfc7321bis@ietf.org>
Date: Thu, 16 Mar 2017 17:14:33 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/Tvod2E2nACE4RdROU7QmK44XcYk>

Comments below.

> -----Original Message-----
> From: Paul Wouters [mailto:paul@nohats.ca]
> Sent: Thursday, March 16, 2017 1:08 PM
> To: Ben Campbell <ben@nostrum.com>
> Cc: The IESG <iesg@ietf.org>; draft-ietf-ipsecme-rfc7321bis@ietf.org;
> ipsec@ietf.org; ipsecme-chairs@ietf.org; Waltermire, David A. (Fed)
> <david.waltermire@nist.gov>
> Subject: Re: [IPsec] Ben Campbell's Yes on draft-ietf-ipsecme-rfc7321bis-05:
> (with COMMENT)
> 
> On Wed, 15 Mar 2017, Ben Campbell wrote:
> 
> > -3: I wonder why "... is not to be used..." is not "... MUST NOT be
> > used...". But the section goes on to say if you do it anyway, you MUST
> > NOT use certain cryptosuites. So, does "... is not to be used..." mean
> > "SHOULD NOT"? Or is this one of those "MUST NOT BUT WE KNOW YOU WILL"
> > sort of requirements?
> 
> It is indeed. I think a SHOULD NOT would actually be appropriate?

Anyone in the WG have an opinion about making this change to SHOULD NOT? Please comment soon if you do.

Thanks,
Dave