Re: [IPsec] FW: I-D ACTION:draft-ietf-storm-ipsec-ips-update-00.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 06 June 2013 06:50 UTC

Hi David,

• The ref for AES-GMAC is RFC 3543, should be 4543.
• 2.1: AES-GMAC and not AES-GCM? Authentication but no encryption?
• The separation of GMAC and CTR, when we really want the combined-mode 
GCM, is very confusing.
• 3: why no must-implement DH group? Also, "when DH groups are used" - 
are there any cases when they're not?
• 3.1: I would expect a discussion here about correlation between IKE 
identity and the application protocol. E.g. are target names used as 
IKEv2 ID values? This probably makes more sense when iSCSI discovery is 
being used.
• 3.1: (shameless plug...) instead of certs, PACE with an automatically 
generated PSK would be so much more convenient... See RFC 6631, Sec. 
3.5+3.6. But of course it is only experimental, sigh.

Thanks,
	Yaron

On 2013-06-05 23:30, Black, David wrote:
> FYI - this draft is likely to move fairly quickly, with both
> WG Last Call and the publication request that hands off the draft from
> the WG to the AD happening before the Berlin IETF meetings.
>
> WG Last Call in the storm WG is expected to start next week.
>
> Thanks,
> --David
>
> -----Original Message-----
> From: i-d-announce-bounces@ietf.org [mailto:i-d-announce-bounces@ietf.org] On Behalf Of Internet-Drafts@ietf.org
> Sent: Wednesday, June 05, 2013 3:51 PM
> To: i-d-announce@ietf.org
> Cc: storm@ietf.org
> Subject: I-D ACTION:draft-ietf-storm-ipsec-ips-update-00.txt
>
> A new Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the STORage Maintenance Working Group of the IETF.
>
>      Title         : IP Storage: IPsec Requirements Update for IPsec v3
>      Author(s)     : D. Black, et al
>      Filename      : draft-ietf-storm-ipsec-ips-update
>      Pages         : 13
>      Date          : June 5, 2013
>
>     RFC 3723 includes requirements for IPsec usage with IP Storage
>     protocols (e.g., iSCSI) based on IPsec v2 (RFC 2401 and related
>     RFCs).  This document updates those requirements to IPsec v3 (RFC
>     4301 and related RFCs) and updates implementation requirements to
>     reflect developments in cryptography since RFC 3723 was published.
>
>     [RFC Editor: The "Updates:" list above has been truncated by xml2rfc.
>     The complete list is - Updates: 3720, 3723, 3821, 3822, 4018, 4172,
>     4173, 4174, 5040, 5041, 5042, 5043, 5044, 5045, 5046, 5047, 5048 (if
>     approved) ]
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-storm-ipsec-ips-update-00.txt
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.