[IPsec] AD review of draft-ietf-ipsecme-rfc7321bis

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 17 February 2017 15:36 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/jku3EO7eVnklinAnsQadkLGlCCI>

Hello,

Thanks for your work on draft-ietf-ipsecme-rfc7321bis.  I just have
one big question and a nit to point out.

Questions:  I see this:
5.  ESP and AH Authentication Algorithms

   Encryption without authentication MUST NOT be used.

This is a big change from RFC7321 without much explanation. What about
the case of opportunistic security?  Can you explain the change and
justification?

Nits:
Section 4, third paragraph: s/theses/these/

   Usually, the use of theses algorithms is limited to
   specific cases, and the absence of specification makes
   interoperability difficult for IPsec communications.



-- 

Best regards,
Kathleen
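One way a responder could enforce the quoted requirement when filtering offered ESP proposals, as an added example that is not part of this review or of the draft (transform names follow the IANA IKEv2 transform registry; the AEAD/non-AEAD sets and the sample proposals are constructed assumptions for illustration):

```python
"""Reject ESP proposals that offer encryption without authentication.

Added illustration, not code from the draft. The AEAD/non-AEAD sets and the
sample proposals below are assumptions made for this example.
"""
from __future__ import annotations
from dataclasses import dataclass

# Combined-mode (AEAD) ciphers carry their own integrity tag, so pairing them
# with AUTH_NONE is not "encryption without authentication".
AEAD_CIPHERS = {"ENCR_AES_GCM_16", "ENCR_AES_GCM_12", "ENCR_AES_GCM_8",
                "ENCR_AES_CCM_16", "ENCR_AES_CCM_8", "ENCR_CHACHA20_POLY1305"}
# Confidentiality-only ciphers: a separate AUTH_* transform is mandatory.
NON_AEAD_CIPHERS = {"ENCR_AES_CBC", "ENCR_AES_CTR", "ENCR_3DES"}

@dataclass(frozen=True)
class EspProposal:
    encr: str   # ENCR_* transform; ENCR_NULL means integrity-only ESP
    integ: str  # AUTH_* transform; AUTH_NONE when no integrity is offered

def check_proposal(p: EspProposal) -> tuple[bool, str]:
    """Return (acceptable, reason) for a single ESP proposal."""
    if p.encr == "ENCR_NULL":
        if p.integ == "AUTH_NONE":
            return False, "neither confidentiality nor integrity"
        return True, "integrity-only ESP (NULL encryption with authentication)"
    if p.encr in AEAD_CIPHERS:
        if p.integ != "AUTH_NONE":
            return False, "AEAD cipher must not carry a separate integrity transform (RFC 5282)"
        return True, "AEAD cipher provides integrity itself"
    if p.encr in NON_AEAD_CIPHERS:
        if p.integ == "AUTH_NONE":
            return False, "encryption without authentication MUST NOT be used"
        return True, "cipher plus separate integrity transform"
    return False, f"unknown encryption transform {p.encr}"

def filter_proposals(proposals: list[EspProposal]) -> list[EspProposal]:
    """Keep only acceptable proposals, preserving the initiator's order."""
    return [p for p in proposals if check_proposal(p)[0]]

# Constructed sample: what an initiator might offer to this responder.
SAMPLE = [
    EspProposal("ENCR_AES_GCM_16", "AUTH_NONE"),
    EspProposal("ENCR_AES_CBC", "AUTH_HMAC_SHA2_256_128"),
    EspProposal("ENCR_AES_CBC", "AUTH_NONE"),
    EspProposal("ENCR_NULL", "AUTH_HMAC_SHA2_256_128"),
    EspProposal("ENCR_NULL", "AUTH_NONE"),
]

if __name__ == "__main__":
    for p in SAMPLE:
        ok, why = check_proposal(p)
        print(f"{'OK    ' if ok else 'REJECT'} {p.encr:24s} {p.integ:24s} {why}")
```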