Re: [IPsec] Preference of ESP over AH in RFC7321bis question.

"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Fri, 11 August 2017 15:23 UTC

From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: "paul@nohats.ca" <paul@nohats.ca>
CC: "ipsec@ietf.org" <ipsec@ietf.org>
Date: Fri, 11 Aug 2017 15:23:00 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/a25BjznI0KrK0D8qD6xdnjIWEx4>

I think that would be a very useful document.


Quynh.

________________________________
From: Paul Wouters <paul@nohats.ca>
Sent: Friday, August 11, 2017 11:05:59 AM
To: Dang, Quynh (Fed)
Cc: ipsec@ietf.org
Subject: Re: [IPsec] Preference of ESP over AH in RFC7321bis question.

On Fri, 11 Aug 2017, Dang, Quynh (Fed) wrote:

> In RFC 7321, we basically said that ESP is preferred over AH. However, that recommendation is not in the current RFC7321bis.
>
> Was that an accidental mistake or because people using AH wanted to remove that recommendation?

Daniel already responded, but let me add that I'd be happy if the WG
decides to write a draft-ipsecme-ah-ipcomp-diediedie :)

Paul