IETF Logo Mail Archive

Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft

Yoav Nir <ynir.ietf@gmail.com> Wed, 29 April 2020 19:54 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E67D3A16E3; Wed, 29 Apr 2020 12:54:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bCLdPt9yO6-6; Wed, 29 Apr 2020 12:54:32 -0700 (PDT)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 739453A16E2; Wed, 29 Apr 2020 12:54:32 -0700 (PDT)
Received: by mail-wr1-x434.google.com with SMTP id k1so4053638wrx.4; Wed, 29 Apr 2020 12:54:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=yvqMY0gn5wM6rTvvrcKWTs9iYnQbwdsNjWzgneSY5do=; b=XaRo7zz7qr8e1pBkOyCQynxW6/NUYiscf9hPxVQK/XQ9atcQE/6ameUWd5fBhyjxn8 c1LT94wx89BjTV+v28hU1Rf78UzGbrkK7BXpsdtRtS2EwzuBZ7YKXw/whMPdrEitE7GS RvlcOONjJpnUM8ENxmvpH2sjJInc3zRrtd4+nvysJcGCzjIZUbky7Zg36ITiYSSxwzRX BdAPS4r/IVFhWm2NtRVDp2PY2CaKU45zvXlPEFXA0FZDIJqqK7qlEeauAUtC5vvADwN3 B3wAtM9TASgkEiP62JjB2lBtQfKALHLLYwC6jc50b+mVSM0XZPlCAXS29s5AJzobJXbF h+sA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=yvqMY0gn5wM6rTvvrcKWTs9iYnQbwdsNjWzgneSY5do=; b=i431TpDCWbh8JfiQokvSuMlBIotoSabiVHQnPGJaOT3n/lT6AMoyqUhEvWuch3ZX3y nCXFb88415HG87HwadyfPVflOYlOqHOkzcixb6m9U1BQ0DZwXPE6kD5riTJW381GlGDE w0iOnXdwFzQlJQWqBC6LNmAU6hXFi+4OvQA3YLzngbIpa+wf7vlwaWK8mOKAk79E8T81 15sp6bVBssO02/Tgh1D65DTCy8qOFbhnDPuYr13Ms8h82mN7FCO/k9XrtFqikzuolT8r E/LJRE2uBCr4JS+vULLp65zmhaGau1nYKBe3o4jHWJVImPgE2BeNOFaAgi4I2qOINy2X AeEg==
X-Gm-Message-State: AGi0Puakfe+bgkECUD1J8ufDg5yG38p5oGoNmyXZKP4Qtkm1/80lingz sUVPoxlD623rFLwuPZtVyiQ=
X-Google-Smtp-Source: APiQypJPiikueoxmfRvHKEOfBsdAaQdyU+Hn+WOWOC+G0Gra3/04lRzAQOagLYy6+B2OFo7TK8WqzQ==
X-Received: by 2002:adf:f4d1:: with SMTP id h17mr39267685wrp.69.1588190070838; Wed, 29 Apr 2020 12:54:30 -0700 (PDT)
Received: from [192.168.1.12] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id u7sm9879676wmg.41.2020.04.29.12.54.28 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 29 Apr 2020 12:54:29 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <007d01d61e3c$c43a8990$4caf9cb0$@gmail.com>
Date: Wed, 29 Apr 2020 22:54:26 +0300
Cc: Tommy Pauly <tpauly@apple.com>, ipsec@ietf.org, ipsecme-chairs@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <69538081-E679-4BE4-A818-6AD424ECBCF0@gmail.com>
References: <0b5201d61d43$0f16dfe0$2d449fa0$@gmail.com> <53F12987-8F6B-46B7-831C-A4185E2B3805@apple.com> <007d01d61e3c$c43a8990$4caf9cb0$@gmail.com>
To: Valery Smyslov <smyslov.ietf@gmail.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/Xaqx4BbDrMpS9aTtoR46FETsFqA>
Subject: Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Apr 2020 19:54:35 -0000

[With chair hat on]

Yes, the charter says that we are to make a guidance document. If the working group feels that it’s better to put the specification and guidance in a single document, we can work on that and clear it with the ADs. 

Charters can be modified.

Yoav

> On 29 Apr 2020, at 18:42, Valery Smyslov <smyslov.ietf@gmail.com> wrote:
> 
> Hi Tommy,
> 
>> Hi Valery,
>> 
>> Thanks for bringing this up again. Would you be interested in making this
> an
>> RFC8229bis instead? I think it would be most useful for an implementer to
> fold
>> some of these clarifications into the main text itself. How do you feel
> about
>> that?
> 
> I'd be happy to do it. I also think that a -bis document is more useful.
> The reason that this draft is not a rfc8229bis is that one and half
> year ago it was a general feeling that more experience need to be
> collected before -bis document should be issued. Now it is almost
> 3 years since rfc8229 is published, I agree that it's probably time to start
> preparing -bis.
> 
> One concern is the current WG charter - 
> it seems to me that it only allows
> clarification document and not a -bis.
> It is a question to our chairs and AD - are
> we allowed to proceed with rfc8229bis document
> with the current charter text or should we update it
> and ask for re-chartering?
> 
> Regards,
> Valery.
> 
> 
>> Best,
>> Tommy
>> 
>>> On Apr 28, 2020, at 2:54 AM, Valery Smyslov <smyslov.ietf@gmail.com>
>> wrote:
>>> 
>>> Hi,
>>> 
>>> a one and half year ago at IETF 103 in Bangkok I presented
>>> draft-smyslov-ipsecme-tcp-guidelines
>>> "Clarifications and Implementation Guidelines for using TCP
>>> Encapsulation in IKEv2"
>>> 
> (https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-tcp-guidelines/).
>>>> From my recollection of the meeting and from minutes it was a general
>>> feeling in the room that
>>> this document was useful for implementers, since it clarified some
>>> subtle issues that were not covered in RFC 8229. However, at that time
>>> no adoption call was issued since this work would require to update
>>> the IPSECME charter.
>>> It took over a year to adopt the updated charter and now the WG is
>>> chartered for this work with this draft as a possible starting point.
>>> The text in the charter:
>>> 
>>> 	RFC8229, published in 2017, specifies how to encapsulate
>>> 	IKEv2 and ESP traffic in TCP. Implementation experience has
>>> 	revealed that not all situations are covered in RFC8229, and that
> may
>>> 	lead to interoperability problems or to suboptimal performance. The
>>> WG
>>> 	will provide a document to give implementors more guidance about how
>>> to use
>>> 	reliable stream transport in IKEv2 and clarify some issues that have
>>> been
>>> 	discovered.
>>> 
>>> However, since it was so long since the WG last discussed the draft,
>>> the chairs asked me to send a message to the list to determine whether
>>> there is still an interest in the WG to proceed with this work with
>>> this draft as a starting point.
>>> 
>>> Regards,
>>> Valery.
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> IPsec mailing list
>>> IPsec@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ipsec
>

v2.23.0 | Report a Bug | By Email