Re: [IPsec] New Version Notification for draft-ietf-ipsecme-add-ike-04.txt
mohamed.boucadair@orange.com Wed, 31 August 2022 11:38 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F266C14F73B; Wed, 31 Aug 2022 04:38:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kcZyBF4RTzxj; Wed, 31 Aug 2022 04:38:47 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 565FEC14CE3F; Wed, 31 Aug 2022 04:38:47 -0700 (PDT)
Received: from opfedar02.francetelecom.fr (unknown [xx.xx.xx.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by opfedar21.francetelecom.fr (ESMTP service) with ESMTPS id 4MHhyX2Q97z7v0L; Wed, 31 Aug 2022 13:38:44 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1661945924; bh=sbOw885YdMW9h7TGm9B1AMZ8/BT/7ymq+3NmrVMjGIs=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=He+URYSJbfI9Mso9ivvizo8/59IKUcsGya/rDM7Y4zNNUwAKd1l9z1uS7fOZ0B8f9 qEsg4qVa6i5yGTa4ZG0qZuSK1oJ6X1qkPFsOf4VVe1MAx9OsneIDgikKTti+qiXhPq r1BmUXT0PayuSMLfcWy1RiYcxURiXgB6bHjKsfl+VfPXpkVuEO8b4VM0puWXsRWh5Y 8oPE+X3udrtDIXBJYsTnQiIDY9TalHAHB7Fb+BVjX33PyOOxGah3cb25nSpQMuYNM/ RCHqeZYpZ/+t3Vs6ySQUliMEP56sJqYb7Et6gv7yG6C45mNduJZOk7zV2LWPyDIZft Dlp81RJFuToqQ==
From: mohamed.boucadair@orange.com
To: Valery Smyslov <svan@elvis.ru>, 'Paul Wouters' <paul@nohats.ca>
CC: "ipsec@ietf.org" <ipsec@ietf.org>, 'Tero Kivinen' <kivinen@iki.fi>, "draft-ietf-ipsecme-add-ike@ietf.org" <draft-ietf-ipsecme-add-ike@ietf.org>
Thread-Topic: [IPsec] New Version Notification for draft-ietf-ipsecme-add-ike-04.txt
Thread-Index: Adi8j3bQiq3cF9Gvqk+uHK8xSRd9GgAnjjPQ
Content-Class:
Date: Wed, 31 Aug 2022 11:38:43 +0000
Message-ID: <1190_1661945924_630F4844_1190_142_1_5acce58bcf2242da8bed87e8ca744c9f@orange.com>
References: <014b01d8bc91$3d153730$b73fa590$@elvis.ru>
In-Reply-To: <014b01d8bc91$3d153730$b73fa590$@elvis.ru>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Enabled=true; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SetDate=2022-08-31T11:37:26Z; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Method=Privileged; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Name=unrestricted_parent.2; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SiteId=90c7a20a-f34b-40bf-bc48-b9253b6f5d20; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ActionId=541b28a1-b0f8-451a-97b4-1a458128d13b; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ContentBits=0
x-originating-ip: [10.115.26.52]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/hmbhr-mDm-rslGm1l6Gw6yGXydc>
Subject: Re: [IPsec] New Version Notification for draft-ietf-ipsecme-add-ike-04.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2022 11:38:51 -0000
Hi all, Please see one clarification inline. Cheers, Med > -----Message d'origine----- > De : Valery Smyslov <svan@elvis.ru> > Envoyé : mardi 30 août 2022 18:55 > À : 'Paul Wouters' <paul@nohats.ca>; BOUCADAIR Mohamed INNOV/NET > <mohamed.boucadair@orange.com> > Cc : ipsec@ietf.org; 'Tero Kivinen' <kivinen@iki.fi>; draft-ietf- > ipsecme-add-ike@ietf.org > Objet : Re: [IPsec] New Version Notification for draft-ietf- > ipsecme-add-ike-04.txt > > HI Paul, > > > On Tue, 30 Aug 2022, mohamed.boucadair@orange.com wrote: > > > > > This version takes into account the comments received during > the > > > WGLC, mainly the edits suggested by > > Tommy. > > > > If the initiator sends multiple attributes of a particular > type in > > the request, all of them MUST be distinct (either be empty > or > > containing different suggested resolvers). > > > > What does it mean when multiple attributes of a particular type > are > > sent, where one is empty and one is not empty? I think perhaps > this > > text means to say either it sends one empty one, or it sends > multiple > > non-empty ones? > > Yes (with a clarification - multiple _distinct_ non-empty ones). > > > Another comment on text unchanged in the latest revision that I > just > > noticed: > > > > For split-tunnel VPN configurations, the endpoint uses the > > Enterprise-provided encrypted DNS resolver to resolve > internal-only > > domain names. > > > > What if one of the reasons I want a split-tunnel, is to actually > use > > an encrypted DNS over the VPN to protect my non-VPN traffic? > This use > > case is not captured in A1? > > It seems so. > [Med] As a reminder, A1 is specific to the enterprise use case. The case mentioned by Paul can be met with the configuration in A2 (with some local policies). > Regards, > Valery. > > > Paul _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- Re: [IPsec] New Version Notification for draft-ie… mohamed.boucadair
- Re: [IPsec] New Version Notification for draft-ie… Paul Wouters
- Re: [IPsec] New Version Notification for draft-ie… Valery Smyslov
- Re: [IPsec] New Version Notification for draft-ie… mohamed.boucadair
- Re: [IPsec] New Version Notification for draft-ie… mohamed.boucadair
- Re: [IPsec] New Version Notification for draft-ie… Paul Wouters
- Re: [IPsec] New Version Notification for draft-ie… mohamed.boucadair
- Re: [IPsec] New Version Notification for draft-ie… Paul Wouters
- Re: [IPsec] New Version Notification for draft-ie… mohamed.boucadair
- Re: [IPsec] New Version Notification for draft-ie… Paul Wouters
- Re: [IPsec] New Version Notification for draft-ie… mohamed.boucadair