Re: [IPsec] Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-auth-announce-09: (with COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Fri, 12 April 2024 09:12 UTC


Thank you, Valery, for your 2nd reply and for allowing me to reply w/o on-line access to the I-D when I replied.

One last comment below as EVY2>

All comments were non-blocking anyway :)

-éric

From: Valery Smyslov <svan@elvis.ru>
Date: Friday, 12 April 2024 at 09:40
To: Eric Vyncke (evyncke) <evyncke@cisco.com>, 'The IESG' <iesg@ietf.org>
Cc: draft-ietf-ipsecme-ikev2-auth-announce@ietf.org <draft-ietf-ipsecme-ikev2-auth-announce@ietf.org>, ipsecme-chairs@ietf.org <ipsecme-chairs@ietf.org>, ipsec@ietf.org <ipsec@ietf.org>, kivinen@iki.fi <kivinen@iki.fi>
Subject: RE: Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-auth-announce-09: (with COMMENT)
Hi Éric,

please see inline.

Thank you, Valery, for the prompt reply.

See below for EVY>

Regards

-éric

From: Valery Smyslov <svan@elvis.ru>
Date: Thursday, 11 April 2024 at 15:23
To: Eric Vyncke (evyncke) <evyncke@cisco.com>, 'The IESG' <iesg@ietf.org>
Cc: draft-ietf-ipsecme-ikev2-auth-announce@ietf.org <draft-ietf-ipsecme-ikev2-auth-announce@ietf.org>, ipsecme-chairs@ietf.org <ipsecme-chairs@ietf.org>, ipsec@ietf.org <ipsec@ietf.org>, kivinen@iki.fi <kivinen@iki.fi>
Subject: RE: Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-auth-announce-09: (with COMMENT)
Hi Éric,

thank you for your comments, please see inline.

> Éric Vyncke has entered the following ballot position for
> draft-ietf-ipsecme-ikev2-auth-announce-09: No Objection
>
> When responding, please keep the subject line intact and reply to all email
> addresses included in the To and CC lines. (Feel free to cut this introductory
> paragraph, however.)
>
>
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-
> positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-auth-announce/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
> # Éric Vyncke, INT AD, comments for draft-ietf-ipsecme-ikev2-auth-announce-09
>
> Thank you for the work put into this document.
>
> Please find below some non-blocking COMMENT points (but replies would be
> appreciated even if only for my own education), and some nits.
>
> Special thanks to Tero Kivinen for the shepherd's detailed write-up including
> the WG consensus and the justification of the intended status.
>
> I hope that this review helps to improve the document,
>
> Regards,
>
> -éric
>
> # COMMENTS (non-blocking)
>
> ## Abstract
>
> As the I-D is about authentication methods, I wonder whether `with multiple
> different credentials` is the right wording, should it rather be "different
> authentication methods" ? (of course with some text repetition).

I believe "different credentials" may include "different authentication methods"?
There may also be some subtleties. For example, consider the situation
when a user has 2 certificates: RSA and ECDSA. In this case he/she has
different credentials, but from the IKEv2 point of view, both use the same
authentication method, "Digital Signature", with different signature algorithms.

I make the following change:
s/multiple different credentials/multiple credentials of different type

Is this better?
EVY> I think so
          Great!


> ## Section 3.1
>
> `Regardless of whether the notification is received,` may be I am mis-reading
> this, but why would the responder send the notification if the initiator does
> not care anyway ?

The responder doesn't know if the initiator cares or not.
There is no negotiation of this feature, each party just makes its mind
whether to send and whether to process this notification (if it is ever supported).
EVY> sure it will work as described in the I-D, but I find it really weird that the initiator does not send its own list.
         In fact it does, but it sends this after the responder, in the following exchange. So, the responder sends its list first.
         This is to have the announcements and the list of trust anchors (in the CERTREQ payload) co-located in the same message.

EVY2> then this may be useful to write the above justification in the document itself.

> ## Section 3.2
>
> While the readers may guess some details, let's be clear in a proposed
> standard I-D:
>
> 1) `Notification Data field` does not appear in figure 4
> 2) role of C flag and its value
> 3) value of Protocol ID
> 4) saying that reserved field must be set to 0 by sender and ignored on the
> receiver

There is a reference to Section 3.10 of RFC 7296, which contains
details of how a generic payload header should be filled in.
The Protocol ID and SPI Size values are defined in this document (zero).

EVY> I am off-line now so cannot check in the I-D whether the reference is there. But, may I suggest stating somewhere that the fields C/protocol id/reserved are specified in RFC 7296 ?
I think that since we explicitly reference the description of the Notify Payload in RFC 7296,
readers will be able to know how the generic payload header fields should be filled in, right?
I’m just trying to follow other IKEv2 extension RFCs, where usually these details are omitted
(if one wants to implement an IKEv2 extension, then we presume that he/she is familiar with IKEv2 enough to know how to construct a payload).
As for the Protocol ID (and SPI Size), the text currently defines what should be there.
The current text is:
   The Notify payload format is defined in Section 3.10 of [RFC7296].
   When a Notify payload of type SUPPORTED_AUTH_METHODS is sent, the
   Protocol ID field is set to 0, the SPI Size is set to 0, meaning
   there is no SPI field, and the Notify Message Type is set to <TBA by
   IANA>.
As for 1), well, the "Notification Data" is the generic name
of this field in the Notify Payload. Its content depends on the type of the notify message.
I quickly scanned other RFCs which defined new notifications and they all
renamed the "Notification Data" to some name specific to the
type of notification. So, to avoid confusion, I changed the text as follows:

s/The Notification Data field/Notification data/

Hope this eliminates the possible confusion.

EVY> this would help indeed


> ## Section 3.2.1
>
> Let's be crisp and specify that the length is in octets.

Done.

> Is there a registry for authentication method ? or should this specification be
> updated for every new authentication method ?

https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-12

EVY> may I suggest to add a reference to this registry (again off-line and cannot check)
         It is already there (in the para describing the notification payload data, Section 3.2)!
Authentication methods are represented as values from the
"IKEv2 Authentication Method" registry defined in [IKEV2-IANA].
and later in the Normative references:
[IKEV2-IANA]
    IANA, "Internet Key Exchange Version 2 (IKEv2)
    Parameters", <https://www.iana.org/assignments/ikev2-
    parameters/ikev2-parameters.xhtml#ikev2-parameters-12>.

I hope not, but I cannot predict how IKEv2 would be tweaked in the future :-)

> # NITS (non-blocking / cosmetic)
>
> ## Section 1
>
> The last sentence of the 2nd paragraph is rather long and I think that "that"
> should be used in `the peer which supports wider range of`.

Thank you, I've always been mixing up when to use "which" or "that" :-)

I changed s/which/that

EVY> ;-) I had to learn it myself (not easy for a non-English speaker)
         Indeed :)
Regards,
Valery.
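As an added example, not code from the draft, the thread or either author: a minimal builder and strict parser for the SUPPORTED_AUTH_METHODS Notify payload as the quoted text specifies it (RFC 7296 Section 3.10 generic header, Protocol ID 0, SPI Size 0, C and reserved bits sent as zero and ignored on receipt). The Notify Message Type is a placeholder because it is "TBA by IANA", and the Notification Data layout is a constructed one-octet-per-method simplification, not the draft's Section 3.2.1 announcement format.

```python
import struct

# Placeholder only: the real SUPPORTED_AUTH_METHODS type is TBA by IANA.
NOTIFY_SUPPORTED_AUTH_METHODS = 0xFFFF

# Selected values from the IANA "IKEv2 Authentication Method" registry,
# the registry the draft's announcements draw their values from.
AUTH_METHOD_NAMES = {1: "RSA Digital Signature", 2: "Shared Key MIC",
                     9: "ECDSA P-256", 13: "NULL", 14: "Digital Signature"}

NO_NEXT_PAYLOAD = 0
# RFC 7296 3.10 fixed part: Next Payload, C+Reserved, Payload Length,
# Protocol ID, SPI Size, Notify Message Type (8 octets in total).
NOTIFY_HDR = struct.Struct("!BBHBBH")


def build_notify(methods, next_payload=NO_NEXT_PAYLOAD):
    """Encode the payload the way the draft text describes: Protocol ID 0,
    SPI Size 0 (so no SPI field), and the C flag and reserved bits zero."""
    # Constructed simplification: one registry value per octet. The draft's
    # own per-announcement layout (Section 3.2.1) is not reproduced here.
    data = bytes(methods)
    header = NOTIFY_HDR.pack(next_payload, 0x00, NOTIFY_HDR.size + len(data),
                             0, 0, NOTIFY_SUPPORTED_AUTH_METHODS)
    return header + data


def parse_notify(buf):
    """Strict receiver: reject a bad Payload Length and a non-zero Protocol
    ID / SPI Size for this notify type; reserved bits are ignored."""
    if len(buf) < NOTIFY_HDR.size:
        raise ValueError("truncated Notify payload header")
    nxt, flags, length, proto, spi_size, ntype = NOTIFY_HDR.unpack_from(buf)
    if length != len(buf):
        raise ValueError("Payload Length %d != %d octets" % (length, len(buf)))
    critical = bool(flags & 0x80)   # C flag is the high bit; bits 1..7 reserved
    if ntype == NOTIFY_SUPPORTED_AUTH_METHODS and (proto != 0 or spi_size != 0):
        raise ValueError("SUPPORTED_AUTH_METHODS needs Protocol ID 0, SPI Size 0")
    body = buf[NOTIFY_HDR.size + spi_size:]
    methods = list(body)
    # Unknown registry values are kept but flagged, never acted upon.
    return {"next": nxt, "critical": critical, "type": ntype,
            "methods": methods,
            "names": [AUTH_METHOD_NAMES.get(m, "unknown(%d)" % m) for m in methods]}


if __name__ == "__main__":
    pl = build_notify([14, 9, 1])
    print(pl.hex())
    print(parse_notify(pl))
```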