Re: [IPsec] Last Call: <draft-kivinen-ipsecme-secure-password-framework-01.txt> (Secure Password Framework for IKEv2) to Informational RFC
Yaron Sheffer <yaronf.ietf@gmail.com> Fri, 29 July 2011 21:31 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5AE595E801D for <ipsec@ietfa.amsl.com>; Fri, 29 Jul 2011 14:31:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hIwwFej6mvzh for <ipsec@ietfa.amsl.com>; Fri, 29 Jul 2011 14:31:10 -0700 (PDT)
Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by ietfa.amsl.com (Postfix) with ESMTP id 8E08022800F for <ipsec@ietf.org>; Fri, 29 Jul 2011 14:31:10 -0700 (PDT)
Received: by wwe5 with SMTP id 5so2656413wwe.13 for <ipsec@ietf.org>; Fri, 29 Jul 2011 14:31:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=wfA/vRp2rq+TbjeiCzzZxQAWbXsfKZTYTefDvJ7UbMY=; b=C/AGe8uboZ2ItIZ8uoUQmx8EkZ7l9OcF4ERQ/bWtwflCNkttHbmVx4PXjwxYUhe5ch 2Cpx5TUWgFt59/PIIaNVValZvks276geqTQqOAG/x3Yty7+Bq/utwSpOGzJ97BAuCx57 Xr0QcKB2k7U19Dm78iBL5cpmulgVY9PHJzVes=
Received: by 10.227.137.14 with SMTP id u14mr2438680wbt.31.1311975069633; Fri, 29 Jul 2011 14:31:09 -0700 (PDT)
Received: from [10.0.0.5] (bzq-79-179-237-205.red.bezeqint.net [79.179.237.205]) by mx.google.com with ESMTPS id fx12sm2070990wbb.42.2011.07.29.14.31.06 (version=SSLv3 cipher=OTHER); Fri, 29 Jul 2011 14:31:08 -0700 (PDT)
Message-ID: <4E332698.20900@gmail.com>
Date: Sat, 30 Jul 2011 00:31:04 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:5.0) Gecko/20110627 Thunderbird/5.0
MIME-Version: 1.0
To: Tero Kivinen <kivinen@iki.fi>
References: <20110727164459.29853.48303.idtracker@ietfa.amsl.com> <7C54FFE2-FFE0-4B4C-BF7E-142A6B10DF6B@checkpoint.com> <78B594BA-9406-44A2-AB8E-0BF5A425AEC1@vpnc.org> <7828ad8727dd860ccd6c5eb5acd52c19.squirrel@www.trepanning.net> <4E30F876.70200@gmail.com> <20017.29145.171495.225683@fireball.kivinen.iki.fi>
In-Reply-To: <20017.29145.171495.225683@fireball.kivinen.iki.fi>
Content-Type: text/plain; charset="windows-1255"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: IPsecme WG <ipsec@ietf.org>, Dan Harkins <dharkins@lounge.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [IPsec] Last Call: <draft-kivinen-ipsecme-secure-password-framework-01.txt> (Secure Password Framework for IKEv2) to Informational RFC
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jul 2011 21:31:11 -0000
[Removing the main IETF list]
Hi Tero,
it doesn't matter exactly what negotiation is used, as long as two peers
can offer multiple methods in IKE_SA_INIT, and find out which auth
methods they have in common, if any. This is true for PACE, and also for
version -04 of SPSK, i.e. before it adopted your framework.
Regarding IANA allocation, I would like to quote from RFC 5226:
"The designated expert is responsible for initiating and coordinating
the appropriate review of an assignment request. The review may be wide
or narrow, depending on the situation and the judgment of the designated
expert. This may involve consultation with a set of technology experts,
discussion on a public mailing list, consultation with a working group
(or its mailing list if the working group has disbanded), etc. [...]
Designated experts are expected to be able to defend their decisions to
the IETF community, and the evaluation process is not intended to be
secretive or bestow unquestioned power on the expert."
I certainly do not want to turn the IANA allocation into a "fight". I do
think the community needs to be consulted.
Thanks,
Yaron
On 07/28/2011 05:27 PM, Tero Kivinen wrote:
> Yaron Sheffer writes:
>> Back to the matter at hand: I am opposed to
>> draft-kivinen-ipsecme-secure-password-framework. It has served its
>> purpose when two of the proposals were changed to add method
>> negotiation, and thus enable IKE peers to implement none, one or more of
>> these methods.
> Actually there is currently only one draft, draft-shin-augmented-pake,
> which follows my negotiation process. The
> draft-harkins-ipsecme-spsk-auth author did say he is going to change
> his draft, but the draft is not yet there, and then there is
> draft-kuegler-ipsecme-pace-ikev2 (which you are co-author) which is
> doing negotiation differently and I do not know whether that is going
> to change to use same way than others.
>
>> I believe the other justifications for this draft, including the
>> preservation of IANA IKEv2 namespaces, are bogus.
> As an IANA Expert for the registries in question I strongly disagree.
>
> If you want to delay this fight to the IANA allocation time, that is
> fine by me, but I will point it out already now that I will be against
> allocating separate code points for each protocol as there is no need
> for that.
>
>> Adopting the rest of the framework would be a useless exercise.
> Keeping the IANA registries clean is important for me, in addition to
> make it easy to implement multiple methods in the same implementation.
> I do not consider them as useless resons. Especially as it only causes
> very small changes to the actual protocol drafts (I would expect less
> than an one hour of work).
- [IPsec] Last Call: <draft-kivinen-ipsecme-secure-… The IESG
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… Yoav Nir
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… Tero Kivinen
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… Paul Hoffman
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… Dan Harkins
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… Yaron Sheffer
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… Dan Harkins
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… Tero Kivinen
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… Tero Kivinen
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… David Arnold
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… Nico Williams
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… Yaron Sheffer
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… Yaron Sheffer
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… Dan Harkins
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sec… Tero Kivinen
- [IPsec] Role of the IANA expert reviewer Paul Hoffman
- Re: [IPsec] Role of the IANA expert reviewer Dan Harkins
- Re: [IPsec] Role of the IANA expert reviewer Sean Turner
- [IPsec] Role of the IANA expert reviewer Tero Kivinen
- Re: [IPsec] Role of the IANA expert reviewer Paul Hoffman
- Re: [IPsec] Role of the IANA expert reviewer Paul Hoffman
- Re: [IPsec] Role of the IANA expert reviewer Yoav Nir
- Re: [IPsec] Role of the IANA expert reviewer Tero Kivinen
- Re: [IPsec] Role of the IANA expert reviewer Tero Kivinen
- Re: [IPsec] Role of the IANA expert reviewer Yoav Nir
- Re: [IPsec] Role of the IANA expert reviewer Yaron Sheffer
- Re: [IPsec] Role of the IANA expert reviewer Yoav Nir
- Re: [IPsec] Role of the IANA expert reviewer Yaron Sheffer
- Re: [IPsec] Role of the IANA expert reviewer Sean Turner