Re: [IPsec] Traffic visibility - consensus call
Russ Housley <housley@vigilsec.com> Tue, 05 January 2010 21:11 UTC
Gabriel:

This is being discussed to resolve the concerns that I raised in IESG Evaluation. When this work was chartered, I expected a simple wrapper. The charter says:

> - A standards-track mechanism that allows an intermediary device, such
> as a firewall or intrusion detection system, to easily and reliably
> determine whether an ESP packet is encrypted with the NULL cipher; and
> if it is, determine the location of the actual payload data inside the
> packet. The starting points for this work item are
> draft-grewal-ipsec-traffic-visibility and draft-hoffman-esp-null-protocol.

I think the chartering discussion would have been very different had the charter said that the proposed WG would develop an alternative to ESP.

Russ

On 1/5/2010 2:08 PM, gabriel montenegro wrote:
> But I'd also like to question the process being followed. We've discussed these points numerous times in f2f meetings, on the mailing list, at virtual interims, etc. So I'm surprised to see the already established consensus being questioned all over again.