[IPsec] Preliminary minutes for the IPsecME meeting
Tero Kivinen <kivinen@iki.fi> Thu, 28 March 2019 16:18 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F7C0120096 for <ipsec@ietfa.amsl.com>; Thu, 28 Mar 2019 09:18:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.42
X-Spam-Level:
X-Spam-Status: No, score=-3.42 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 30hepgPpEcDz for <ipsec@ietfa.amsl.com>; Thu, 28 Mar 2019 09:18:04 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9AEB12008A for <ipsec@ietf.org>; Thu, 28 Mar 2019 09:18:03 -0700 (PDT)
Received: from fireball.acr.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.15.2/8.15.2) with ESMTPS id x2SGI06K014277 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <ipsec@ietf.org>; Thu, 28 Mar 2019 18:18:00 +0200 (EET)
Received: (from kivinen@localhost) by fireball.acr.fi (8.15.2/8.14.8/Submit) id x2SGI0Rr010194; Thu, 28 Mar 2019 18:18:00 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <23708.62392.134470.902330@fireball.acr.fi>
Date: Thu, 28 Mar 2019 18:18:00 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: ipsec@ietf.org
X-Mailer: VM 8.2.0b under 25.1.1 (x86_64--netbsd)
X-Edit-Time: 2 min
X-Total-Time: 2 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/jD_noyt41ZGc7CfnPTDpPAszXYQ>
Subject: [IPsec] Preliminary minutes for the IPsecME meeting
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Mar 2019 16:18:08 -0000
Here is the preliminary minutes for the todays IPsecME meeting. Thank you for Yoav for taking the notes, and Paul for jabber scribing. If you have any comments, corrections or additions to minutes, post them as soon as possible. I will submit these to the meeting materials early next week. ---------------------------------------------------------------------- IETF 104 IPsecME WG meeting in Prague Thursday, March 28, 2019 10:50-12:20 Karlin 1/2 Agenda: - Agenda bashing, Logistics -- Chairs (5 min) - Draft status -- Chairs (10 min) - draft-ietf-ipsecme-split-dns - draft-ietf-ipsecme-qr-ikev2 - draft-ietf-ipsecme-implicit-iv - draft-ietf-ipsecme-ipv6-ipv4-codes - Work items - Intermediate Exchange in the IKEv2 Protocol - Valery Smyslov (10 min) - draft-smyslov-ipsecme-ikev2-aux-02 - Post-quantum Key Exchanges in IKEv2 - Valery Smyslov (10 min) - draft-tjhai-ipsecme-hybrid-qske-ikev2-03 - An implementor's view on Hybrid PQKE in IKEv2 - Tobias Heider (10 min) - PQC for IKEv2 in strongSwan - Leonie Bruckert (5 min) - ESP Header Compression and Diet-ESP - Tobias Guggemos (10 min) - draft-mglt-ipsecme-diet-esp-07 - Labeled IPsec - Paul Wouters (10 min) - draft-ietf-ipsecme-labeled-ipsec - IKEv1 Graveyard - Paul Wouters (5 min) - draft-pwouters-ikev1-ipsec-graveyard - Other presentations - IP Traffic Flow Security - Christian Hopps (15 min) - draft-hopps-ipsecme-iptfs-00 Agenda bashing, Logistics ========================= Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-ipsecme-chair-slides-04 (no agenda bashing) Draft status ============ draft-ietf-ipsecme-qr-ikev2 has a nit. Waiting for resolution to proceed Valery: Nit is a false positive; will make it go away very soon. Draft-ietf-ipsecme-ipv6-ipv4-codes ================================== Tero talked about draft-ietf-ipsecme-ipv6-ipv4-codes The room was polled about the alternate designs. Valery: Use status notification states rather than error. Prefers Tero's design (over his own) Tero: Not enought people commenting here. Both are acceptable. Will take to the list. Intermediate Exchange in the IKEv2 Protocol =========================================== Valery Smyslov - draft-smyslov-ipsecme-ikev2-aux-02 Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-ipsecme-intermediate-exchange-in-the-ikev2-00 Paul Wouters: Update 7296? Because it changes the msgid of IKE_AUTH Valery: Will check PW: Silly to send an empty intermediate. Need to know what to ef Valery: An accompanying document will define what it goes there. Always need a new one. PW: rename to IKE_INTERMEDIATE, since this applies to IKE only Valery: don't mind. Tommy: Seems fine with msgid. RFC 7296 doesn't require it to be 1 for IKE_AUTH Tobias Heider: ?? Valery: This is just a framework document Tero: It's OK to say this is just a framework. The documents that actually use it will define what goes in it. Tobias Guggemos: You can do PQ in IKE_INIT if you don't need IKE fragmentation. Tero: Too early for hum. Are we only going to ever have one? Tero: Any objection for adoption? (crickets) Tero: So will push the button and make this a WG draft (already asked on the list) Post-quantum Key Exchanges in IKEv2 =================================== Valery Smyslov - draft-tjhai-ipsecme-hybrid-qske-ikev2-03 Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-ipsecme-post-quantum-key-exchanges-in-ikev2-00 Surprisingly, a document using INTERMEDIATE IKE_INTERMEDIATE. What are the odds? Tero: I would hate to see this happening: 7 key exchanges sharing the same type 4. These are complete key exchange - not the same thing as DH. Need a new registry - they'll probably have their own parameters. Valery: They do the same thing as D-H: negotiate a key. Scott: Specifically we wanted to allow doing this group, then this other, then an isogeny group. This construct allows this to be done relatively straightforward. Tobias Heider: Like the idea of combining old (DH, ECDH) and new stuff Martin Fadman: Why the limit 7? Valery: Arbitrary Martin: Maybe this argues for the hierarchical idea. Valery: Scott things that in most cases different types will be used. We have three types, so let's double it Tero: Why negotiate all of this in the first SA payload? Interacts badly with parameters. Maybe negotiate them one-by-one along the way? Valery: What you are proposing will complicate things. Better to negotiate in advance what is going to follow. Maybe the responder doesn't support what you are going to require in the third round Mark ???: Having them all in one place is better Scott: About parameters: transforms can have attributes. Regarding the size of the SA proposal: not a problem with the encoding of IKEv2 proposals, at least for sane policies Tero: will continue on the list (as we're running out of time) Yoav: This is just for CCSA with PFS? We can still do CCSA without PFS Valery: Yes, and for rekeying of IKE SA Mark: Support adoption Tobias Heider: adopt, and rename to hybrid key exchange. Because it can be used with multiple classic D-H. Yoav: if we're adopting this should adopt also intermediate, and no point in adopting intermediate if we're not adopting this. Daniel Migault: Adopt, then make changes An implementor's view on Hybrid PQKE in IKEv2 ============================================= Tobias Heider Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-ipsecme-an-implementors-view-on-hybrid-pqke-00 Still controversy about breaking the PQ exhcnages out. Also with how to accomodate McEliece (large keys) Yoav: Can define a new "extended-size" payload to accomodate >64K key exchanges. PQC for IKEv2 in strongSwan =========================== Leonie Bruckert Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-ipsecme-pqc-for-ikev2-in-strongswan-00 Tobias Guggemos: We have 4 implementations. Maybe do a Hackathon? Tero: You going to organize this? Thanks! Tobias: Yes, if you fly me to Montreal Dave: Will take to the list ESP Header Compression and Diet-ESP =================================== Tobias Guggemos - draft-mglt-ipsecme-diet-esp-07 Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-ipsecme-esp-header-compression-and-diet-esp-00 (discussion on adoption will be done on the list) Labeled IPsec ============= Paul Wouters - draft-ietf-ipsecme-labeled-ipsec Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-ipsecme-labeled-ipsec-00 (already a WG draft. Discussion on Paul's proposed changed in selecting TS types will be done on the list) IKEv1 Graveyard =============== Paul Wouters - draft-pwouters-ikev1-ipsec-graveyard Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-ipsecme-ikev1-graveyard-00 Tero: We don't instruct people what to use. We can't tell people what to use. Dan Harkins: IKEv1 is already obsoleted. What more do we need? PW: We want to tell people not to use it. Smyslov: Support deprecating IKEv1 Benedict: Cannot get rid of 3DES. Used in telephony. PW: Yes, for now, but it's time for CAST IP Traffic Flow Security ======================== Christian Hopps - draft-hopps-ipsecme-iptfs-00 Slides: https://datatracker.ietf.org/meeting/104/materials/slides-104-ipsecme-ip-traffic-flow-security-00 Valery: Interesting proposal. You fragment IP packets to arbitrary size and then re-assemble. This complicates IPsec implementation. I'd rather sacrifice some performance (efficiency?) by allowing combining but not fragmenting. Christian: Let's discuss on the list Paul Wouters: Privacy and compressing are different goals. Why do we need the extra things. Christian: the 20,000% overhead. Lou Berger: The present thing is not deployable. We're destroying the available bandwidth with the trimodal distribution of packets. -- discussion to continue on list -- kivinen@iki.fi
- [IPsec] Preliminary minutes for the IPsecME meeti… Tero Kivinen
- Re: [IPsec] Preliminary minutes for the IPsecME m… mohamed.boucadair
- Re: [IPsec] Preliminary minutes for the IPsecME m… Tobias Heider
- Re: [IPsec] Preliminary minutes for the IPsecME m… Valery Smyslov
- Re: [IPsec] Preliminary minutes for the IPsecME m… mohamed.boucadair
- Re: [IPsec] Preliminary minutes for the IPsecME m… Paul Wouters
- Re: [IPsec] Preliminary minutes for the IPsecME m… Valery Smyslov
- Re: [IPsec] Preliminary minutes for the IPsecME m… Tobias Heider
- Re: [IPsec] Preliminary minutes for the IPsecME m… Paul Wouters
- Re: [IPsec] Preliminary minutes for the IPsecME m… Valery Smyslov
- Re: [IPsec] Preliminary minutes for the IPsecME m… Valery Smyslov
- Re: [IPsec] Preliminary minutes for the IPsecME m… Paul Wouters
- Re: [IPsec] Preliminary minutes for the IPsecME m… Valery Smyslov