Re: [IPsec] Additional charter items 3/4: Labeled IPsec

Yoav Nir <ynir.ietf@gmail.com> Fri, 16 February 2018 18:16 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
Date: Fri, 16 Feb 2018 20:15:53 +0200
In-Reply-To: <23175.7597.238297.330233@fireball.acr.fi>
Cc: ipsec@ietf.org
To: Tero Kivinen <kivinen@iki.fi>
References: <23175.7597.238297.330233@fireball.acr.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/e9LtoZmXLHqdmdHXkeXmsD6x0_s>
Subject: Re: [IPsec] Additional charter items 3/4: Labeled IPsec


> On 16 Feb 2018, at 20:06, Tero Kivinen <kivinen@iki.fi> wrote:
> 
> This charter text was not ready during the IETF 100, we just had very
> short description about the item, and I think most of the people did
> not really understand it.
> 
> The proposed charter text for this item is:
> 
> ----------------------------------------------------------------------
> Some systems support security labels (aka security context) as one of
> the selectors of the SPD. This label needs to be part of the IKE
> negotiation for the IPsec SA. Non-standard implementations exist for
> IKEv1 (formerly abusing IPSEC Security Association Attribute 10, now
> using private space IPSEC Security Association Attribute 32001). The
> work is to standardize this for IKEv2.
> ----------------------------------------------------------------------
> 
> Is that charter text clear enough?

Yeah, I think anyone who’s heard of multilevel security understands what is proposed here.

> Are there enough people interested
> in this?

I guess, since MLS keeps coming up…

I’m not, but I’m not opposed to doing this as long as there’s no burden on non-supporting implementations.

> 
> Send your comments and whether you support adding this to the charter
> to the ipsec list in the next two weeks.
> --
> kivinen@iki.fi