IETF Logo Mail Archive

Re: [IPsec] Rekeying of child sa, Question on TS handling according to RFC 5996

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 21 August 2014 21:19 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA2CE1A0B0E for <ipsec@ietfa.amsl.com>; Thu, 21 Aug 2014 14:19:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YNTNiWObbLhC for <ipsec@ietfa.amsl.com>; Thu, 21 Aug 2014 14:19:38 -0700 (PDT)
Received: from mail-qg0-x234.google.com (mail-qg0-x234.google.com [IPv6:2607:f8b0:400d:c04::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BACF1A0ACA for <ipsec@ietf.org>; Thu, 21 Aug 2014 14:19:38 -0700 (PDT)
Received: by mail-qg0-f52.google.com with SMTP id f51so9380600qge.39 for <ipsec@ietf.org>; Thu, 21 Aug 2014 14:19:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:mime-version:subject:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=fyY9X4kE7RA5Oi+P/BQdyor7uRzZf15nxUW2WrzikGw=; b=ljPT1PpI6P5mT7hkZcqmuVaCtSXTYD5M69n1JUSD11eK9+eCo0dPH4poJHhg+1WfhJ 1OteWtQgP4vlo5fTj/8tt51PwUFg1DcbBlw5Wn4Z6ObGIAZEjLu0vPvNWZKXxg9Q4ccU DqIAlXpg1B3Zr+R/cXWZgm7fw3uHMh8FhXGyfqgrxak4ppfFTW9mndMI20SSwECIv8+m X2yWxYU34AXPvuYlrsTj1whZJFe6dkgbfB/uf853jCrdU4KAlHcr//ZtVCT+NEWLNp4h LT2HpSuoNPK5goh4D4kcn/KhRaq/6teVEPPIiAlRFjwqyiEUvHENEhy8Xctt9RNs07on VL9w==
X-Received: by 10.140.103.75 with SMTP id x69mr1759724qge.17.1408655977381; Thu, 21 Aug 2014 14:19:37 -0700 (PDT)
Received: from [192.168.1.7] (pool-96-233-18-79.bstnma.east.verizon.net. [96.233.18.79]) by mx.google.com with ESMTPSA id a41sm30745998qgf.37.2014.08.21.14.19.33 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 21 Aug 2014 14:19:35 -0700 (PDT)
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Google-Original-From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
X-Mailer: iPhone Mail (11D257)
In-Reply-To: <66302A57-27E5-46EF-A373-A82008169B8E@gmail.com>
Date: Thu, 21 Aug 2014 17:19:31 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <F9EB5DA3-32AF-43BE-B2C8-FFD37C051915@gmail.com>
References: <F68C660364DABE41AF4617F517EF548411707BE2@ESESSMB309.ericsson.se> <21493.55390.157248.181030@fireball.kivinen.iki.fi> <257268920DEA479E9FC65BFA164783C2@buildpc> <66302A57-27E5-46EF-A373-A82008169B8E@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/aa9e8CAtQ4dGCl7ir3HiXvqHH8I
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, Valery Smyslov <svanru@gmail.com>, "sec-ads@tools.ietf.org" <sec-ads@tools.ietf.org>, Tero Kivinen <kivinen@iki.fi>, Pål Dammvik <pal.dammvik@ericsson.com>
Subject: Re: [IPsec] Rekeying of child sa, Question on TS handling according to RFC 5996
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2014 21:19:40 -0000

Assuming this is agreed upon by the working group, getting the text to be added along with a diff of the draft will be helpful to share with the IESG.  They will want a quick look to make sure they agree, but it sounds like this makes sense.

Thanks,
Kathleen 

Sent from my iPhone

> On Aug 21, 2014, at 3:21 PM, Yoav Nir <ynir.ietf@gmail.com> wrote:
> 
> +1
> 
>> On Aug 21, 2014, at 2:49 PM, Valery Smyslov <svanru@gmail.com> wrote:
>> 
>> Hi Tero,
>> 
>>> This is also question what should we do for the rfc5996bis.
>>> We have two options, we removed the text saying section 2.9.2 was
>>> added in the RFC5996, or we add the section 2.9.2 from the ticket #12,
>>> and add note that saying that this time we really added it...
>>> What does the working group feel we should do? Note, that if we add
>>> the 2.9.2 that might cause delays, as I am not sure if we can do that
>>> kind of change after IESG has already approved the rfc5996bis (it is
>>> now in the AUTH48), meaning it might need IESG to recheck that part.
>>> On the other hand I think adding the text which we already have
>>> approved in 2009 to the specification would be the right thing to do,
>>> as there clearly is need for clarification (as we can see from the
>>> Dammvik's question).
>> 
>> I think we should add this text. The text is useful and I don't see
>> a reason to sacrifice it in favour to speed up RFC publication.
>> 
>> Regards,
>> Valery.
>> 
>>> kivinen@iki.fi
>> 
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec
> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec

v2.23.0 | Report a Bug | By Email