Re: [IPsec] [secdir] [Tsv-art] I-D Action: draft-ietf-ipsecme-rfc8229bis-07.txt

Valery Smyslov <valery@smyslov.net> Sun, 05 June 2022 05:27 UTC

From: Valery Smyslov <valery@smyslov.net>
To: touch@strayalpha.com, 'Valery Smyslov' <smyslov.ietf@gmail.com>
Cc: secdir@ietf.org, gen-art@ietf.org, ipsec@ietf.org, 'Reese Enghardt' <ietf@tenghardt.net>, 'tsv-art' <tsv-art@ietf.org>
References: <165427134661.3358.1773230986010358694@ietfa.amsl.com> <020d01d87763$50f65c20$f2e31460$@gmail.com> <3925A5FF-90B1-415D-BDBD-F31DC27C072E@strayalpha.com>
In-Reply-To: <3925A5FF-90B1-415D-BDBD-F31DC27C072E@strayalpha.com>
Date: Sun, 05 Jun 2022 08:27:10 +0300
Message-ID: <000c01d8789c$e9d150f0$bd73f2d0$@smyslov.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/ezRZ1qCrof2YZp_isI80HF6Og5Q>

Hi Joe,

From: secdir [mailto:secdir-bounces@ietf.org] On Behalf Of touch@strayalpha.com
Sent: Saturday, June 04, 2022 3:48 AM
To: Valery Smyslov
Cc: secdir@ietf.org; gen-art@ietf.org; ipsec@ietf.org; Reese Enghardt; tsv-art
Subject: Re: [secdir] [Tsv-art] [IPsec] I-D Action: draft-ietf-ipsecme-rfc8229bis-07.txt

This looks good, though I might suggest adding the update to security considerations to the document change summary in Sec 1.1.

          Good point, will do.

          Thank you,

          Valery.

Joe

—

Dr. Joe Touch, temporal epistemologist

www.strayalpha.com

On Jun 3, 2022, at 9:02 AM, Valery Smyslov <smyslov.ietf@gmail.com> wrote:

Hi,

we published a new version, which should address comments
received during IETF LC and directorate reviews.

Many thanks for very helpful reviews!

Regards,
Tommy & Valery.




-----Original Message-----
From: IPsec [mailto:ipsec-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
Sent: Friday, June 03, 2022 6:49 PM
To: i-d-announce@ietf.org
Cc: ipsec@ietf.org
Subject: [IPsec] I-D Action: draft-ietf-ipsecme-rfc8229bis-07.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions WG of the IETF.

       Title           : TCP Encapsulation of IKE and IPsec Packets
       Authors         : Tommy Pauly
                         Valery Smyslov
       Filename        : draft-ietf-ipsecme-rfc8229bis-07.txt
       Pages           : 34
       Date            : 2022-06-03

Abstract:
  This document describes a method to transport Internet Key Exchange
  Protocol (IKE) and IPsec packets over a TCP connection for traversing
  network middleboxes that may block IKE negotiation over UDP.  This
  method, referred to as "TCP encapsulation", involves sending both IKE
  packets for Security Association establishment and Encapsulating
  Security Payload (ESP) packets over a TCP connection.  This method is
  intended to be used as a fallback option when IKE cannot be
  negotiated over UDP.

  TCP encapsulation for IKE and IPsec was defined in RFC 8229.  This
  document updates the specification for TCP encapsulation by including
  additional clarifications obtained during implementation and
  deployment of this method.  This document obsoletes RFC 8229.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-rfc8229bis/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-rfc8229bis-07

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-rfc8229bis-07


Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec