Re: [IPsec] Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Thu, 01 December 2022 11:57 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Valery Smyslov <svan@elvis.ru>, 'The IESG' <iesg@ietf.org>
CC: "draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org" <draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org>, "ipsecme-chairs@ietf.org" <ipsecme-chairs@ietf.org>, "ipsec@ietf.org" <ipsec@ietf.org>, "kivinen@iki.fi" <kivinen@iki.fi>, "charliep@computer.org" <charliep@computer.org>, "gih@apnic.net" <gih@apnic.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/ivQh46VbiN_PzEDpbgyvosMtn7c>

Valery, it works fine for me.


________________________________
From: Valery Smyslov <svan@elvis.ru>
Sent: Thursday, 1 December 2022, 12:25
To: Eric Vyncke (evyncke) <evyncke@cisco.com>; 'The IESG' <iesg@ietf.org>
Cc: draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org <draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org>; ipsecme-chairs@ietf.org <ipsecme-chairs@ietf.org>; ipsec@ietf.org <ipsec@ietf.org>; kivinen@iki.fi <kivinen@iki.fi>; charliep@computer.org <charliep@computer.org>; gih@apnic.net <gih@apnic.net>
Subject: RE: Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)

Hi Éric,

> -----Original Message-----
> From: Eric Vyncke (evyncke) [mailto:evyncke@cisco.com]
> Sent: Thursday, December 01, 2022 1:41 PM
> To: Valery Smyslov; 'The IESG'
> Cc: draft-ietf-ipsecme-ikev2-multiple-ke@ietf.org; ipsecme-chairs@ietf.org; ipsec@ietf.org;
> kivinen@iki.fi; charliep@computer.org; gih@apnic.net
> Subject: Re: Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)
>
> Hello Valery,
>
> Thanks for your suggested text for the abstract, may I suggest a little more concise (albeit less precise)
> text for the 2nd paragraph (up to the authors of course):
>
>             The primary application of this feature in IKEv2 is the ability to perform one or more
>             post-quantum key exchanges in conjunction with the classical key exchange,
>             so that the resulting shared key is resistant against quantum computer attacks.
>             Since there is currently no post-quantum key exchange that is against conventional (non-quantum)
>             adversaries, performing multiple key exchanges with different post-quantum algorithms along
>             with the classical key exchange algorithms addresses this concern, since the
>             overall security is at least as strong as each individual primitive.

I think in this text an important consideration is missing - that we now have enough trust in (EC)DH
against conventional computers, but we don't have this level of trust in most post-quantum
algorithms (both against conventional and quantum adversaries). That's why we want
to combine them.

Ah, I can see now that the original text can be interpreted, that we don't trust
post-quantum key exchange only against conventional adversaries...
We can modify the text as follows (make it more concise, less precise, but still correct, IMHO):

        Since there is currently no post-quantum key exchange that is studied at
        the level that (EC)DH is studied, performing multiple key exchanges with different post-quantum
        algorithms along with the well-established classical key exchange algorithms addresses this concern, since the
        overall security is at least as strong as each individual primitive.

Is it OK?

Regards,
Valery.

>
> Hope this helps
>
> -éric
>
>
> On 30/11/2022, 08:48, "iesg on behalf of Valery Smyslov" <iesg-bounces@ietf.org on behalf of
> svan@elvis.ru> wrote:
>
>     Hi Éric,
>
>     > Hello Valery,
>     >
>     > TL;DR:  Thanks for your reply and your comments. I agree with them ;-)
>     >
>     > If you want a more detailed reply, then look for EV> below
>
>     OK, I snipped the text where we have an agreement.
>
>     > Regards
>     >
>     > -éric
>
>     [snipped]
>
>     >     > The bullet 2) is a nice explanation about *why* there must be multiple key
>     >     > exchanges with different methods. Until reading that part, I was really
>     >     > wondering why this I-D was about the link with PQC and multiple key exchanges.
>     >     > Should this be mentioned in the abstract already ?
>     >
>     >     I don't mind, but as far as I know, IESG wants abstract to be short :-)
>     >     If you (and other ADs) think it's a good idea, then we'll add this text.
>     >
>     > EV> I know about short abstract, but they should also give an idea of the content & purpose
>
>     If it is OK with the IESG we'll extend the abstract with this text. It will look like:
>
>             This document describes how to extend the Internet Key Exchange Protocol
>             Version 2 (IKEv2) to allow multiple key exchanges to take place
>             while computing a shared secret during a Security Association (SA) setup.
>
>             The primary application of this feature in IKEv2 is the ability to perform one or more
>             post-quantum key exchanges in conjunction with the classical (Elliptic Curve) Diffie-Hellman (EC)DH key exchange,
>             so that the resulting shared key is resistant against quantum computer attacks.
>             Since there is currently no post-quantum key exchange that is trusted at
>             the level that (EC)DH is trusted for against conventional (non-quantum)
>             adversaries, performing multiple key exchanges with different post-quantum algorithms along
>             with the well-established classical key exchange algorithms addresses this concern, since the
>             overall security is at least as strong as each individual primitive.
>
>             Another possible application for this extension is the ability to combine several key exchanges
>             in situations when no single key exchange algorithm is trusted by both initiator and responder.
>
>             This document updates RFC7296 by renaming a transform type 4 from "Diffie-Hellman Group (D-H)"
>             to "Key Exchange Method (KE)" and renaming a field in the Key Exchange Payload from "Diffie-Hellman Group Num"
>             to "Key Exchange Method". It also renames an IANA registry for this transform type
>             from "Transform Type 4 - Diffie-Hellman Group Transform IDs" to
>             "Transform Type 4 - Key Exchange Method Transform IDs". These changes generalize
>             key exchange algorithms that can be used in IKEv2.
>
>     Hope it's now clear and not *too* long :-)
>
>     >     > Should "FIPS" be prefixed by "USA" as in "USA FIPS" ?
>     >
>     >     I don't know, rely on my co-authors (actually it seems that
>     >     this is a well-known organization outside USA, but formally you are right).
>     >
>     > EV> I live in a Federal state as well (Belgium), so while I understand that FIPS stands for the USA one, let's
>     > be inclusive. Up to you and the authors.
>
>     No problem, will change the text to:
>
>             USA Federal Information Processing Standards (FIPS) compliance.  IPsec is widely used in Federal Information
>             Systems and FIPS certification is an important requirement.
>             However, at the time of writing, none of the algorithms that is believed
>             to be post-quantum is FIPS compliant yet.  Nonetheless, it is possible to combine
>             this post-quantum algorithm with a FIPS compliant key establishment method so that
>             the overall design remains FIPS compliant [NISTPQCFAQ].
>
>     Is it OK that prefix "USA" is added once and not to every appearance of "FIPS" ?
>
>     The updated PR is available at:
>      https://github.com/post-quantum/ietf-pq-ikev2/pull/22
>
>     Regards,
>     Valery.
>
>     >     > ## Notes
>     >     >
>     >     > This review is in the ["IETF Comments" Markdown format][ICMF]. You can use the
>     >     > [`ietf-comments` tool][ICT] to automatically convert this review into
>     >     > individual GitHub issues.
>     >     >
>     >     > [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
>     >     > [ICT]: https://github.com/mnot/ietf-comments
>     >     >
>     >
>     >
>
>