IETF Logo Mail Archive

Re: [IPsec] Working group last call for the draft-nir-ipsecme-eddsa-00

Paul Wouters <paul@nohats.ca> Thu, 09 February 2017 16:58 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 430B0129C08 for <ipsec@ietfa.amsl.com>; Thu, 9 Feb 2017 08:58:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kQHM_2S0r0ZN for <ipsec@ietfa.amsl.com>; Thu, 9 Feb 2017 08:58:04 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26317129C06 for <ipsec@ietf.org>; Thu, 9 Feb 2017 08:58:04 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3vK45L5NwRz3Ql; Thu, 9 Feb 2017 17:57:58 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1486659478; bh=8aSr7FiImemWNkyl979SLC8jXnMeCupef5RKWgE0b2s=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=GFnPW2U55BjKUlrnVxE2AArx3SFQhSlRLJno6x2rXhEmpxBBFdB0T3GgtIp+3am06 2L4ePvKEoIiTKoAv/MZ/BEtUeqqLy+GT06WW3GaB9M7ciOn58znbmfT1g2TLqQs/Tw uRbvtVjf0u/8R3NsJdE8DomwQfe0n0resCz16k80=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 0TS9lHZo4euC; Thu, 9 Feb 2017 17:57:56 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 9 Feb 2017 17:57:55 +0100 (CET)
Received: from [193.111.228.71] (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id A507155A557; Thu, 9 Feb 2017 11:57:53 -0500 (EST)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca A507155A557
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Paul Wouters <paul@nohats.ca>
X-Mailer: iPhone Mail (14D27)
In-Reply-To: <1F3EB5DA-3BF3-45CD-A31E-3D170B5B4F01@apple.com>
Date: Thu, 09 Feb 2017 11:57:52 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <B06891DE-4F9C-4506-940F-E2CEF76000D2@nohats.ca>
References: <22683.8182.349840.103676@fireball.acr.fi> <D28C9CC6-FD00-4A42-8451-F9B0AA83E4BF@apple.com> <22684.25414.470545.969594@fireball.acr.fi> <1F3EB5DA-3BF3-45CD-A31E-3D170B5B4F01@apple.com>
To: Tommy Pauly <tpauly@apple.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/aB67fqQRF8FIIV3J3iDYKP-UmHQ>
Cc: ipsec@ietf.org, David Schinazi <dschinazi@apple.com>, Tero Kivinen <kivinen@iki.fi>
Subject: Re: [IPsec] Working group last call for the draft-nir-ipsecme-eddsa-00
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Feb 2017 16:58:06 -0000

Yes I forgot to reply. I strongly object to assigning 0 for real values. It should be left for implementations to detect a value has not been set.

Paul

Sent from my iPhone

> On Feb 9, 2017, at 11:12, Tommy Pauly <tpauly@apple.com> wrote:
> 
> Thanks for sending out the corrected draft name, Tero. I think this draft is in good shape in general and we should move forward with it.
> 
> The only thing that seems to need ironing out is the specific IANA hash value. I can see the argument either way: as the draft points out, 0 makes sense for the Identity hash, since it can be viewed as "no hash at all". However, I agree with your point that 0 may often be used in code to indicate an uninitialized value. I would be concerned if existing implementations flagged 0 as an error, here, as well.
> 
> I think it would make sense to do a quick poll of the WG to get some consensus on this. At this point, I'm mildly in favor of a new value (5).
> 
> Thanks,
> Tommy
> 
>> On Feb 9, 2017, at 4:40 AM, Tero Kivinen <kivinen@iki.fi> wrote:
>> 
>> Ah I noticed that my last call email had wrong draft name in the
>> subject line and in the link. The correct draft name is of course
>> draft-ietf-ipsecme-eddsa-00 not *-nir-* version.
>> 
>> David Schinazi writes:
>>> I've reviewed this draft. I support it and believe it is ready to move forward
>>> towards becoming a standards-track RFC. Also, would it make sense to ask
>>> IANA for early assignment of the code point? Using 0 sounds reasonable to me.
>> 
>> As this is expert review registry there is no need to ask for early
>> allocation, the normal process is just to fill in the IANA general
>> request for assignments, which then goes to the IANA and they will
>> then send it to the expert (me) for verification.
>> 
>> If normal number (other than 0) would be given out, then I would just
>> say yes, but allocating 0, which in registry is marked as:
>> 
>>    0    Reserved    [RFC7427]
>> 
>> and is not part of the :
>> 
>>    5-1023    Unassigned
>> 
>> range, then I would be bit more hesitant to give it out, and would
>> most likely want to poll the WG and list before making decision.
>> 
>> I actually myself think it would be better to just allocate next free
>> number from the unassigned space, and keep the value 0 as reserved...
>> 
>> For example we do not use value 0 of Encryption Algorithms transform
>> to mean ENCR_NULL, we do have separate number allocated for it. On the
>> other hand we do have value 0 meaning NONE in the Integrity algorithm
>> transform ID table and for diffie hellman values, but there the
>> meaning is bit different, it means there is no value for that id, here
>> it would be meaning that there is this identity function version of
>> the hash function. 
>> 
>> As an expert and as a implementor I think I would prefer next free
>> number over 0... Quite commonly in the code we use value 0 as meaning,
>> we have not yet received anything, or we have not yet initialized this
>> field, and having separate value for identity function might make
>> things easier. But if others have good reasons why the value 0 is
>> better, feel free to tell me...
>> -- 
>> kivinen@iki.fi
>> 
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec
> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec

v2.23.0 | Report a Bug | By Email