Re: [IPsec] Erik Kline's Yes on draft-ietf-ipsecme-ipv6-ipv4-codes-05: (with COMMENT)

mohamed.boucadair@orange.com Thu, 17 December 2020 05:39 UTC

From: mohamed.boucadair@orange.com
To: Erik Kline <ek.ietf@gmail.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-ipsecme-ipv6-ipv4-codes@ietf.org" <draft-ietf-ipsecme-ipv6-ipv4-codes@ietf.org>, "ipsecme-chairs@ietf.org" <ipsecme-chairs@ietf.org>, "ipsec@ietf.org" <ipsec@ietf.org>, David Waltermire <david.waltermire@nist.gov>, Yoav Nir <ynir.ietf@gmail.com>
Date: Thu, 17 Dec 2020 05:39:01 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/iOr5iHTlSvkK51tT3WFZ4JXs7Sk>

Hi Erik,

Thank you for the comments. 

Focusing on the second question as I already clarified the first one. 

The notification codes are designed so that the responder will always reply with the same values (that reflect its capabilities) and not as a function of the request. So, both codes will be returned together with the assigned address/prefix. 

If the initiator is still interested in the other AF, it has to follow: 

   If a dual-stack initiator requests both an IPv6 prefix and an IPv4
   address but receives an IPv6 prefix (or an IPv4 address) only with
   both IP4_ALLOWED and IP6_ALLOWED notification status types from the
   responder, the initiator MAY send a request for the other AF (i.e.,
   IPv4 address (or IPv6 prefix)).  In such case, the initiator MUST
   create a new IKE Security Association (SA) and request that another
   address family using the new IKE SA.

Cheers,
Med

> -----Original Message-----
> From: Erik Kline via Datatracker [mailto:noreply@ietf.org]
> Sent: Thursday, 17 December 2020 03:15
> To: The IESG <iesg@ietf.org>
> Cc: draft-ietf-ipsecme-ipv6-ipv4-codes@ietf.org;
> ipsecme-chairs@ietf.org; ipsec@ietf.org; David Waltermire
> <david.waltermire@nist.gov>; Yoav Nir <ynir.ietf@gmail.com>;
> ynir.ietf@gmail.com
> Subject: Erik Kline's Yes on draft-ietf-ipsecme-ipv6-ipv4-codes-05:
> (with COMMENT)
> 
> Erik Kline has entered the following ballot position for
> draft-ietf-ipsecme-ipv6-ipv4-codes-05: Yes
> 
> When responding, please keep the subject line intact and reply to
> all email addresses included in the To and CC lines. (Feel free to
> cut this introductory paragraph, however.)
> 
> 
> Please refer to
> https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ipv6-ipv4-codes/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> [[ comments/questions ]]
> 
> [ section 5 ]
> 
> * I concur with Eric V. w.r.t. MUST vs SHOULD for dualstack initiators.
>   As written it seems to me like it might be overspecified.
> 
> * I'm confused about the last entry in the table.  If there's a policy
>   restriction to only a single address family, are both IP4 and IP6
>   _ALLOWED returned?  Instead of "4,6" should this be "4|6"?
> 
> 


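Added example, not part of the original message or of the draft: a small Python model of the behaviour described above, in which the responder's IP4_ALLOWED/IP6_ALLOWED notifications depend only on its capabilities and the initiator asks for a missing address family over a new IKE SA. The `single_af_policy` and `preferred` fields, the "v4"/"v6" labels and the rule that an address family without its *_ALLOWED code is not retried are assumptions made for illustration.

```python
from dataclasses import dataclass

# Notification status type names from the message; numeric code points are not modelled.
AF_CODE = {"v4": "IP4_ALLOWED", "v6": "IP6_ALLOWED"}


@dataclass(frozen=True)
class Responder:
    supported: frozenset            # address families this responder can assign
    single_af_policy: bool = False  # hypothetical knob: one AF per request
    preferred: str = "v6"           # hypothetical: AF kept when the policy applies

    def notifications(self) -> frozenset:
        # Derived from capabilities only; the request is deliberately not an input.
        return frozenset(AF_CODE[af] for af in self.supported)

    def reply(self, requested: frozenset):
        grant = requested & self.supported
        if self.single_af_policy and len(grant) > 1:
            grant = frozenset({self.preferred})
        return grant, self.notifications()


def follow_up(requested: frozenset, assigned: frozenset, notes: frozenset) -> dict:
    """Initiator side: decide whether to ask for an address family it did not get."""
    allowed = {af for af, code in AF_CODE.items() if code in notes}
    # Assumption: an AF without its *_ALLOWED code is not retried.
    retry = sorted((requested - assigned) & allowed)
    # Per the quoted draft text, the extra request MUST use a new IKE SA.
    return {"request": retry, "new_ike_sa": bool(retry)}


def demo():
    # Constructed scenario: dual-stack responder with a single-AF policy.
    both = frozenset({"v4", "v6"})
    dual = Responder(supported=both, single_af_policy=True)
    assigned, notes = dual.reply(both)
    return assigned, notes, follow_up(both, assigned, notes)


if __name__ == "__main__":
    print(demo())
```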