IETF Logo Mail Archive

Re: [IPsec] draft-ietf-ipsecme-ikev2-null-auth-05.txt

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 02 April 2015 01:57 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DCFD1A92E6; Wed, 1 Apr 2015 18:57:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h_PtjzQG6lwP; Wed, 1 Apr 2015 18:57:33 -0700 (PDT)
Received: from mail-la0-x22b.google.com (mail-la0-x22b.google.com [IPv6:2a00:1450:4010:c03::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36F901A07BE; Wed, 1 Apr 2015 18:57:33 -0700 (PDT)
Received: by lagg8 with SMTP id g8so50046404lag.1; Wed, 01 Apr 2015 18:57:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=dB6ysqBbGH9+HshzIFoasnn5dhFslkvP9kGQT6iyUeA=; b=FcumR7kLlI0eWONYeHqU90xepeX4Y686vRdN0BdNqCmd+NaR3zAFMnMLoMWx+NjjU5 V191SnrldSQY1YTuwzidLqlZe5R/sap7J93leaZjx4o6po5uzR65RrQwqmAMttri4SKX AjbE3GYBdl89dKwgw2vazihZfGdyUEDLKVsUQoQbKv1kNtxAD8QnvN8vvStqI3YiiXlP 1+yZ5zdFrSolSiHQ4KOBLtryAU0660/FRbHW62bQvgJfiUMsee0w9+FXXXOkAtb015OV Je5dCKMWxGePEEP7L2KQUFP2DT09rf5gmwxqzMTJutp2uVA9u7EwCqUEAs4isDU4V5rk iEVg==
MIME-Version: 1.0
X-Received: by 10.112.218.5 with SMTP id pc5mr39507615lbc.32.1427939851541; Wed, 01 Apr 2015 18:57:31 -0700 (PDT)
Received: by 10.112.167.101 with HTTP; Wed, 1 Apr 2015 18:57:31 -0700 (PDT)
In-Reply-To: <CAHbuEH5GV7wKv7PO++wgA_b3K_=dKESAx6xf0JOZTmU1REMbpQ@mail.gmail.com>
References: <21780.37200.119692.51021@fireball.kivinen.iki.fi> <C5AE72F035554A3F9F02F7C283C536C4@buildpc> <CAHbuEH7KX6x9rQHTN4M5QB4dZ6vsZ8oAjQYuZooKsqxdgf6xnQ@mail.gmail.com> <A4CA1B96-3AF6-4D5F-9EFE-6794CBC31FBD@vpnc.org> <CAHbuEH5GV7wKv7PO++wgA_b3K_=dKESAx6xf0JOZTmU1REMbpQ@mail.gmail.com>
Date: Wed, 01 Apr 2015 21:57:31 -0400
Message-ID: <CAHbuEH4tT=pTa+bE8W2Xix99djfDjq7Fkpuj10-Pp=GAKDtgwA@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: multipart/alternative; boundary="001a11c322f69ca4020512b42762"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/cAHFgiF9BYN5JjPLnUVa3Loyt6I>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, Valery Smyslov <svanru@gmail.com>, draft-ietf-ipsecme-ikev2-null-auth@ietf.org, Tero Kivinen <kivinen@iki.fi>
Subject: Re: [IPsec] draft-ietf-ipsecme-ikev2-null-auth-05.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2015 01:57:36 -0000

I went back to the email thread as I wanted to look at the consensus and
don't see it the way Paul does.
Here is the end of the thread:
http://www.ietf.org/mail-archive/web/ipsec/current/msg09668.html

It reads as confusion with the term updates and most being ok with going in
either direction, Paul against and Yaron more in favor.

Updates can update very specific text in a draft.  Since this just applies
in this special case, the updates text needs to be clearly worded to
reflect that or you copy in all the text that applies from the other draft.

I'm at a day long conference tomorrow and will be slow to respond.

Thanks.

On Wed, Apr 1, 2015 at 3:11 PM, Kathleen Moriarty <
kathleen.moriarty.ietf@gmail.com> wrote:

> Hi Paul,
>
> On Mon, Mar 30, 2015 at 8:51 PM, Paul Hoffman <paul.hoffman@vpnc.org>
> wrote:
>
>> On Mar 30, 2015, at 1:56 PM, Kathleen Moriarty <
>> kathleen.moriarty.ietf@gmail.com> wrote:
>>
>> > Thanks for making most of the suggested changes to the draft.  I see
>> nothing happened in section 2.4 with the 'updates' text.  Since this
>> requires changes to the referenced draft, it's easier to just state what is
>> being updated in the previous RFC with this draft.  Could we work on that
>> change and have it ready soon?  I'd rather do this before IETF last call or
>> in IESG review as I think it pretty clearly should be done.
>>
>> My interpretation from the WG discussion was that there was consensus
>> that this document doesn't need to be marked as "updates RFC 4301". I
>> updated the shepherd report to indicate that the WG defers to the IESG on
>> judgement about this.
>>
>
> In looking back at this, the email lists, and talking to a couple of
> fellow ADs, I think it's important to tweak some text as it will get held
> up otherwise.  This text was not present in RFC4322.
>
> The last sentence of this paragraph is the mail issue:
>
>      When using NULL Authentication, the peer identity is not
>
>    authenticated and cannot be trusted.  If ID_NULL is used with NULL
>
>       Authentication, there is no ID at all.  The processing of PAD
>    described in Section 4.4.3.4 of [RFC4301] must be updated.
>
>
> The only change that would be required here is to reword that last
> sentence and mark the draft appropriately so it "updates" 4301 for this
> case. New text could be something like:
>
>
>      When using NULL Authentication, the peer identity is not
>
>    authenticated and cannot be trusted.  If ID_NULL is used with NULL
>
>       Authentication, there is no ID at all.  The processing of PAD
>    described in Section 4.4.3.4 of [RFC4301] is updated for NULL Authentication.
>
>
> Then you can add a few sentences specific to what is updated and where
> that text goes in 4.4.3.4. This keeps the update very specific and we see
> this in drafts pretty regularly when just a bit of text is needed.
>
> The other sentence that is problematic in this section is:
>
> To add support for ID_NULL, it needs to be included into the
>    list of ID types, specified in Section 4.4.3.1 of [RFC4301].
>
>
> As such, Section 4.4.3.1 of [RFC4301] is updated as follows:
>
>
> Old:
>
>
> New:
>
>
>
> You could simply then add a sentence that provides the text to update the list of ID types, showing where it is added in that section with surrounding text in the old/new.  The way it is written now leaves you wondering if that list will get updated at some point in the future.
>
>
> One AD wasn't too fused and the other agreed (provided an alternative)
>
>      Given the wording in 2.4, this draft most certainly needs to update
> RFC 4301.  If it does not update 4301, it needs to subsume the necessary
> text from 4301 to make this spec standalone.  From a quick read of 4301,
> I think section 2.4 would be augmented with 3-4 blocks indicating what
> text in 4301 is updated.
>
>
> I'm fine with the alternative as well.
>
>
>
> Does this draft update RFC4322 at all?  I do see that it wasn't referenced, so maybe not, but figured I would check to be safe.
>
>
> Thanks.
>
>
>
>> > The next telechat is April 9th and this won't make it on it, so there
>> is time to get this update ready without holding up the draft.
>>
>> Unless you want us to make more changes to the draft, you might as well
>> put this into IETF Last Call now, even though it will miss the next
>> telechat.
>>
>> --Paul Hoffman
>
>
>
>
> --
>
> Best regards,
> Kathleen
>



-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email