Re: [IPsec] Alexey Melnikov's No Objection on draft-ietf-ipsecme-ddos-protection-09: (with COMMENT)

Yoav Nir <ynir.ietf@gmail.com> Tue, 27 September 2016 11:57 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <A15E6EB870994D89B8434065F1D66B0E@buildpc>
Date: Tue, 27 Sep 2016 14:48:21 +0300
Message-Id: <0E788477-59F6-4736-B87C-8D75A6A8915F@gmail.com>
References: <147497133669.20752.15148121845053327482.idtracker@ietfa.amsl.com> <A15E6EB870994D89B8434065F1D66B0E@buildpc>
To: Valery Smyslov <svan@elvis.ru>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/eI__yLvRQaHdtkIueIhkPTpD2GQ>
Cc: ipsecme-chairs@ietf.org, draft-ietf-ipsecme-ddos-protection@ietf.org, Alexey Melnikov <aamelnikov@fastmail.fm>, ipsec@ietf.org, David Waltermire <david.waltermire@nist.gov>, The IESG <iesg@ietf.org>
Subject: Re: [IPsec] Alexey Melnikov's No Objection on draft-ietf-ipsecme-ddos-protection-09: (with COMMENT)

> On 27 Sep 2016, at 2:42 PM, Valery Smyslov <svan@elvis.ru> wrote:
> 
> Hi Alexey,
> 
> The payload type for the Puzzle Solution Payload is specified in the last sentence
> of Section 8.2:
> 
>  The payload type for the Puzzle Solution payload is <TBA by IANA>.
> 
> It is not included in the diagram in this section since the "Next Payload" field in the generic payload header contains the type of the following payload, not the type of the payload the diagram depicts.

But it is depicted in sections 7.1.2 and 7.2.2. In both cases it is denoted as PS (= puzzle solution):

From 7.1.2:
   If the Initiator supports puzzles and is ready to solve them, then it
   tries to solve the given puzzle.  After the puzzle is solved the
   Initiator restarts the request and returns back to the Responder the
   puzzle solution in a new payload called a Puzzle Solution payload
   (denoted as PS, see Section 8.2) along with the received COOKIE
   notification.

   HDR, N(COOKIE), [PS,] SA, KE, Ni, [V+][N+]   -->

From 7.2.2:
   If the IKE_SA_INIT response message contains the PUZZLE notification
   and the Initiator supports puzzles, it MUST solve the puzzle.  Note,
   that puzzle construction in the IKE_AUTH exchange differs from the
   puzzle construction in the IKE_SA_INIT exchange and is described in
   Section 7.2.3.  Once the puzzle is solved the Initiator sends the
   IKE_AUTH request message, containing the Puzzle Solution payload.

   HDR, PS, SK {IDi, [CERT,] [CERTREQ,]
               [IDr,] AUTH, SA, TSi, TSr}   -->
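To make the "Next Payload" point concrete, here is an added Python example (not part of this thread or the draft) that builds the restarted IKE_SA_INIT request from section 7.1.2 as a chain of IKEv2 generic payload headers and walks it back: each payload's type comes from the header before it, so the PS payload's own type never appears in its own header. Payload type 54 for PS is an assumption here (the value IANA later assigned for RFC 8019; the draft quoted above still says TBA), and all payload bodies are constructed dummy data.

```python
import struct

# IKEv2 payload type numbers from RFC 7296. PS is ASSUMED to be 54, the value
# IANA later assigned for RFC 8019; the draft quoted above still says "TBA".
NO_NEXT, SA, KE, NONCE, NOTIFY, PS = 0, 33, 34, 40, 41, 54
NAMES = {SA: "SA", KE: "KE", NONCE: "Ni", NOTIFY: "N", PS: "PS"}
IKE_HDR_LEN = 28
NOTIFY_COOKIE = 16390  # COOKIE notification type (RFC 7296)
IKE_SA_INIT = 34       # exchange type (RFC 7296)

def build_message(payloads):
    """payloads: list of (type, data). Each generic payload header carries the
    type of the payload that FOLLOWS it; the IKE header carries the type of the
    first payload; the last payload's Next Payload is 0 (No Next Payload)."""
    body = b""
    for i, (ptype, data) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else NO_NEXT
        # Next Payload, Critical bit + reserved, Payload Length (incl. header)
        body += struct.pack("!BBH", nxt, 0, 4 + len(data)) + data
    first = payloads[0][0] if payloads else NO_NEXT
    # SPIi, SPIr, Next Payload, Version 2.0, Exchange Type, Flags (Initiator
    # bit set), Message ID, total Length
    hdr = struct.pack("!8s8sBBBBII", b"\x01" * 8, b"\x00" * 8, first, 0x20,
                      IKE_SA_INIT, 0x08, 0, IKE_HDR_LEN + len(body))
    return hdr + body

def walk_payloads(msg):
    """Return [(type_name, data)] by following the Next Payload chain."""
    ptype = msg[16]          # Next Payload field of the IKE header
    off = IKE_HDR_LEN
    out = []
    while ptype != NO_NEXT:
        nxt, _flags, plen = struct.unpack_from("!BBH", msg, off)
        if plen < 4 or off + plen > len(msg):
            raise ValueError("bad payload length")   # reject truncated/oversized chains
        out.append((NAMES.get(ptype, str(ptype)), msg[off + 4:off + plen]))
        ptype, off = nxt, off + plen
    return out

def cookie_notify(cookie):
    # Notify payload body: Protocol ID 0, SPI Size 0, Notify Type COOKIE, data
    return struct.pack("!BBH", 0, 0, NOTIFY_COOKIE) + cookie

# Constructed sample: the restarted request of section 7.1.2,
# HDR, N(COOKIE), PS, SA, KE, Ni   (payload bodies are dummy bytes)
SAMPLE = build_message([(NOTIFY, cookie_notify(b"constructed-cookie")),
                        (PS, b"constructed-solution"), (SA, b"\x00" * 8),
                        (KE, b"\x00" * 8), (NONCE, b"\x00" * 16)])
```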