Re: [IPsec] Fwd: New Version Notification for draft-sprasad-ipsecme-labeled-ipsec-00.txt (fwd)

"Hu, Jun (Nokia - US/Mountain View)" <jun.hu@nokia.com> Tue, 06 March 2018 23:52 UTC

From: "Hu, Jun (Nokia - US/Mountain View)" <jun.hu@nokia.com>
To: Paul Wouters <paul@nohats.ca>, "ipsec@ietf.org WG" <ipsec@ietf.org>
CC: Sahana Prasad <sahana.prasad07@gmail.com>
Date: Tue, 06 Mar 2018 23:52:08 +0000

Some initial questions/comments:
1. The security label is defined as opaque data in the draft, but then how would narrowing work in an interoperable way with opaque data? Or should we define the format for some common use cases (like security enforcement, QoS, ...) and add a sub-type in TS_SECLABEL?
2. Currently there are TSi (44) and TSr (45) payloads; does it make sense to include TS_SECLABEL in either TSi or TSr? Are there semantics for having separate "initiator SECLABEL" and "responder SECLABEL"? Or does it make more sense to only allow a single TS_SECLABEL per message/CHILD_SA, create a new TS payload type, and put TS_SECLABEL in it?


> -----Original Message-----
> From: IPsec [mailto:ipsec-bounces@ietf.org] On Behalf Of Paul Wouters
> Sent: Monday, March 05, 2018 7:36 AM
> To: ipsec@ietf.org WG <ipsec@ietf.org>
> Cc: Sahana Prasad <sahana.prasad07@gmail.com>
> Subject: [IPsec] Fwd: New Version Notification for draft-sprasad-ipsecme-labeled-ipsec-00.txt (fwd)
> 
> 
> 
> Sahana and I wrote the initial draft for Labeled IPsec. I'm not sure why it didn't
> auto-email the list, so links follow below. Please discuss :)
> 
> Paul
> 
> A new version of I-D, draft-sprasad-ipsecme-labeled-ipsec-00.txt
> has been successfully submitted by Sahana Prasad and posted to the IETF
> repository.
> 
> Name:		draft-sprasad-ipsecme-labeled-ipsec
> Revision:	00
> Title:		Labeled IPsec Traffic Selector support for IKEv2
> Document date:	2018-03-04
> Group:		Individual Submission
> Pages:		6
> URL:            https://www.ietf.org/internet-drafts/draft-sprasad-ipsecme-labeled-ipsec-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-sprasad-ipsecme-labeled-ipsec/
> Htmlized:       https://tools.ietf.org/html/draft-sprasad-ipsecme-labeled-ipsec-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-sprasad-ipsecme-labeled-ipsec-00
> 
> 
> Abstract:
>     Some IPsec implementations support Security Labels otherwise known as
>     Security Contexts, to be configured as a selector within the Security
>     Policy Database (SPD) for IPsec SAs.  This document adds support to
>     IKEv2 to negotiate these Security Labels or Contexts using a new
>     Traffic Selector (TS) Type TS_SECLABEL.  The approach is named
>     "Labeled IPsec".  It assumes that the SPD processing of RFC 4303 is
>     already extended to support Security Labels.  This document only adds
>     the ability for IKE to negotiate the Security Labels used with the
>     SPD.
> 
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
> 
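
The narrowing concern in question 1, as an added example that is not part of the original message, the draft, or any IKEv2 implementation: address-range selectors narrow by intersection, an opaque label can only be compared for equality, and a sub-typed label with an agreed format could be intersected again. The label bytes, the sub-type number and the `(subtype, low, high)` layout are assumptions constructed for illustration.

```python
from ipaddress import IPv4Address as IP

def narrow_range(proposed, policy):
    """Address-range selector: narrowing is the intersection of two (start, end) ranges."""
    start, end = max(proposed[0], policy[0]), min(proposed[1], policy[1])
    return (start, end) if start <= end else None

def narrow_opaque_label(proposed, policy):
    """Opaque label: with no agreed structure, the only check two different
    implementations can share is byte equality, so it is accept or reject."""
    return proposed if proposed == policy else None

def narrow_typed_label(proposed, policy):
    """Hypothetical sub-typed label (subtype, low, high): once the format is
    agreed, narrowing is a range intersection again."""
    if proposed[0] != policy[0]:
        return None  # different label formats cannot be compared
    low, high = max(proposed[1], policy[1]), min(proposed[2], policy[2])
    return (proposed[0], low, high) if low <= high else None

def demo():
    # Constructed sample values, not taken from the draft.
    addr = narrow_range((IP("10.0.0.0"), IP("10.0.0.255")),
                        (IP("10.0.0.128"), IP("10.0.1.255")))
    opaque = narrow_opaque_label(b"example_label:s0-s3", b"example_label:s0-s1")
    typed = narrow_typed_label((1, 0, 3), (1, 0, 1))  # subtype 1 is made up
    return addr, opaque, typed

if __name__ == "__main__":
    print(demo())
```

The two opaque byte strings encode overlapping sensitivity ranges to a human reader, yet the opaque comparison can only reject them, while the typed form narrows to the responder's range.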