owner-ipsec@lists.tislabs.com Wed, 07 January 2004 16:43 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by above.proper.com (8.12.10/8.12.8) with ESMTP id i07GhZib058736; Wed, 7 Jan 2004 08:43:35 -0800 (PST) (envelope-from owner-ipsec@lists.tislabs.com)
Received: by lists.tislabs.com (8.9.1/8.9.1) id KAA00685 Wed, 7 Jan 2004 10:50:56 -0500 (EST)
Date: Wed, 07 Jan 2004 10:50:56 -0500
From: owner-ipsec@lists.tislabs.com
Message-Id: <200401071550.KAA00685@lists.tislabs.com>
Subject: New IKEv2 draft: draft-ietf-ipsec-ikev2-12.txt
Date: Tue, 6 Jan 2004 17:57:35 -0800
Message-ID: <F5F4EC6358916448A81370AF56F211A50170DBFA@RED-MSG-51.redmond.corp.microsoft.com>
From: "Charlie Kaufman" <charliek@microsoft.com>
To: <ipsec@lists.tislabs.com>

I just forwarded it to internet-drafts, copying Paul Hoffman in hope he will post it on his web page faster than the I-D editor will get to it.

I believe this version is going to IETF last call. The changes from the last version are:

H.12 Changes from IKEv2-11 to IKEv2-12 January 2004

 1) Made the values of the one byte IPsec Protocol ID consistent
    between payloads and made the naming more nearly consistent.

 2) Changed the specification to require that AUTH payloads be
    provided in EAP exchanges even when a non-key generating EAP method
    is used. This protects against certain obscure cryptographic
    threats.

 3) Changed all example IP addresses to be within subnet 10.

 4) Specified that issues surrounding weak keys and DES key parity
    must be addressed in algorithm documents.

 5) Removed the unsupported (and probably untrue) claim that Photuris
    cookies were given that name because the IETF always supports
    proposals involving cookies.

 6) Fixed some text that specified that Transform ID was 1 octet while
    everywhere else said it was 2 octets.

 7) Corrected the ASN.1 specification of the encoding of X.509
    certificate bundles.

 8) Added an INVALID_SELECTORS error type.

 9) Replaced IANA considerations section with a reference to
    draft-ietf-ipsec-ikev2-iana-00.txt.

 10) Removed 2 obsolete informative references and added one to a
     paper on UDP fragmentation problems.

 11) 41 Editorial Corrections and Clarifications.

 12) 6 Grammatical and Spelling errors fixed.

 13) 4 Corrected capitalizations of MAY/MUST/etc.

 14) 4 Attempts to make capitalization and use of underscores more
     consistent.