Re: [IPsec] Fwd: New Version Notification for draft-sheffer-autovpn-00.txt
Yaron Sheffer <yaronf.ietf@gmail.com> Fri, 21 February 2014 16:39 UTC
To: Valery Smyslov <svanru@gmail.com>, ipsec <ipsec@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/WMHBtPadpgl2yV9t5RF8NL1A-Sg
Hi Valery,

Thanks for your comments. I accept both, and we will use them for the next revision of the draft.

Best,
Yaron

On 02/21/2014 01:28 PM, Valery Smyslov wrote:
> Hi Yaron, Yoav,
>
> very interesting approach. Just a pair of quick comments.
>
> 1. You suppose to allocate 16-bytes long SPI for probe response
> from "reserved" SPI space. The packet looks like UDP-encapsulated
> IPsec packet, so it must start from ESP SPI, for which the values
> below 256 are reserved. So, why do you make your "SPI"
> 16 bytes long, while 4 bytes is enough to distinguish it from
> both IKE and IPsec?
>
> 2. What's the reason to allocate new payloads for AutoVPN Nonce
> and (especially) for Contact Details? Why Notify Payload cannot be
> used?
> It is more cheap resource and, I think, well suited for these
> purposes.
>
> Regards,
> Valery Smyslov.
>
>
> ----- Original Message ----- From: "Yaron Sheffer" <yaronf.ietf@gmail.com>
> To: "ipsec" <ipsec@ietf.org>
> Sent: Tuesday, February 04, 2014 7:37 AM
> Subject: [IPsec] Fwd: New Version Notification
> for draft-sheffer-autovpn-00.txt
>
>
>> Hi,
>>
>> Yoav and I just published this draft. The two main points are:
>>
>> - IPsec opportunistic encryption is also interesting between security
>> gateways, not only between hosts.
>> - With a bit of extra plumbing, opportunistic encryption can be
>> "upgraded" post facto into full authentication.
>>
>> Comments are welcome on this list, but note that this is not proposed
>> as a working group document.
>>
>> Thanks,
>> Yaron
>>
>> -------- Original Message --------
>> Subject: New Version Notification for draft-sheffer-autovpn-00.txt
>> Date: Mon, 03 Feb 2014 19:30:45 -0800
>> From: internet-drafts@ietf.org
>> To: Yoav Nir <ynir@checkpoint.com>, Yaron Sheffer
>> <yaronf.ietf@gmail.com>, "Yaron Sheffer" <yaronf.ietf@gmail.com>,
>> "Yoav Nir" <ynir@checkpoint.com>
>>
>>
>> A new version of I-D, draft-sheffer-autovpn-00.txt
>> has been successfully submitted by Yaron Sheffer and posted to the
>> IETF repository.
>>
>> Name: draft-sheffer-autovpn
>> Revision: 00
>> Title: The AutoVPN Architecture
>> Document date: 2014-02-04
>> Group: Individual Submission
>> Pages: 17
>> URL: http://www.ietf.org/internet-drafts/draft-sheffer-autovpn-00.txt
>> Status: https://datatracker.ietf.org/doc/draft-sheffer-autovpn/
>> Htmlized: http://tools.ietf.org/html/draft-sheffer-autovpn-00
>>
>>
>> Abstract:
>> This document describes the AutoVPN architecture. AutoVPN allows
>> IPsec security associations to be set up with no prior configuration,
>> using the "leap of faith" paradigm. The document defines a
>> lightweight protocol for negotiating such opportunistic encryption
>> either directly between hosts or between two security gateways on the
>> path.
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> The IETF Secretariat
>>
>>
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec
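The demultiplexing argument in point 1 of the quoted comments, as an added example that is not part of the original messages or of the draft: a receiver on UDP port 4500 can classify a datagram from its first four bytes alone, using the RFC 3948 non-ESP marker and the RFC 4303 reserved SPI range. `PROBE_RESPONSE_MARKER` is a hypothetical value chosen for illustration (the draft's actual marker does not appear in this thread), and the sample datagrams are constructed.

```python
import struct

NON_ESP_MARKER = 0       # RFC 3948: four zero bytes precede an IKE message on UDP 4500
RESERVED_SPI_MAX = 255   # RFC 4303: SPI values 1..255 are reserved by IANA
# Hypothetical marker inside the reserved range; assumption, not taken from the draft.
PROBE_RESPONSE_MARKER = 0x000000F0


def classify(datagram: bytes) -> str:
    """Classify a UDP/4500 payload by looking at no more than its first 4 bytes."""
    if datagram == b"\xff":
        return "nat-keepalive"          # RFC 3948 keepalive: a single 0xFF octet
    if len(datagram) < 4:
        return "malformed"
    (first_word,) = struct.unpack("!I", datagram[:4])
    if first_word == NON_ESP_MARKER:
        return "ike"
    if first_word == PROBE_RESPONSE_MARKER:
        return "probe-response"
    if first_word <= RESERVED_SPI_MAX:
        return "reserved-unknown"       # no SA can use these SPIs; drop
    return "esp"                        # ordinary SPI, look up the SA


def sample_datagrams() -> dict:
    """Constructed sample payloads, one per class."""
    marker = struct.pack("!I", PROBE_RESPONSE_MARKER)
    return {
        "ike": b"\x00" * 4 + b"\x11" * 8,
        "esp": struct.pack("!II", 0xC0FFEE01, 1) + b"\xaa" * 16,
        # A 4-byte marker and a 16-byte field starting with the same word
        # are classified identically: the extra 12 bytes add nothing here.
        "probe4": marker + b"payload",
        "probe16": marker + b"\x00" * 12 + b"payload",
        "reserved": struct.pack("!I", 7) + b"\x00" * 8,
        "keepalive": b"\xff",
    }


if __name__ == "__main__":
    for name, data in sample_datagrams().items():
        print(f"{name:10s} -> {classify(data)}")
```
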