Re: [IPsec] Call for adoption: The NULL Authentication Method in IKEv2 Protocol
"Graham Bartlett (grbartle)" <grbartle@cisco.com> Mon, 08 September 2014 17:12 UTC
From: "Graham Bartlett (grbartle)" <grbartle@cisco.com>
To: Valery Smyslov <svanru@gmail.com>, Yaron Sheffer <yaronf.ietf@gmail.com>, ipsec <ipsec@ietf.org>
Date: Mon, 08 Sep 2014 17:10:07 +0000
Hi Valery

I have one Q.

If endpoint receives a request to create an unauthenticated IKE SA from the IP address, which is configured on the endpoint to be authenticated, the request SHOULD be rejected.

Why is this not MUST be rejected? Otherwise an attacker could trick the responder into revealing their identity (maybe some words around this also?).

Thanks

Graham

On 08/09/2014 07:27, "Valery Smyslov" <svanru@gmail.com> wrote:

>Yes.
>
>Obviously, as the author of the document I can see its value,
>which is described in the document itself.
>And I think it's better to standardize it with
>more people involved, than as individual submission.
>
>Regards,
>Valery.
>
>----- Original Message -----
>From: "Yaron Sheffer" <yaronf.ietf@gmail.com>
>To: "ipsec" <ipsec@ietf.org>
>Sent: Sunday, September 07, 2014 10:53 PM
>Subject: [IPsec] Call for adoption: The NULL Authentication Method in
>IKEv2 Protocol
>
>
>> Dear working group,
>>
>> This is a call for adopting draft-smyslov-ipsecme-ikev2-null-auth as a
>> WG document. Please respond to this mail with a Yes or No and a short
>> rationale, at latest by Friday Sep. 12.
>>
>> Thanks,
>> Yaron
>>
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec
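
The responder-side check raised in the message above, as an added example that is not part of the original message or of the draft: it models what an IKE_AUTH reply contains when NULL authentication arrives from an address configured to authenticate, under MUST-reject and under a SHOULD with the exception taken. The address ranges, the `RESPONDER_ID` value and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed policy (assumption): peers from these source ranges are
# configured to authenticate. Documentation prefixes serve as placeholders.
AUTH_REQUIRED_NETS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:1::/48"),
]
RESPONDER_ID = "gw.example.net"  # hypothetical IDr value


def requires_auth(peer_ip):
    """True if the source address is in a range configured for authentication."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr.version == net.version and addr in net
               for net in AUTH_REQUIRED_NETS)


def handle_ike_auth(peer_ip, initiator_auth, must_reject=True):
    """Return the payloads a responder would send for an IKE_AUTH request.

    initiator_auth is "NULL" for an unauthenticated initiator; any other
    value stands for a method the caller has already verified.
    The policy check runs before IDr or AUTH is built, so a rejected
    request never learns the responder's identity.
    """
    downgrade = initiator_auth == "NULL" and requires_auth(peer_ip)
    if downgrade and must_reject:
        # Only a failure notification goes back: no IDr, no AUTH.
        return {"notify": "AUTHENTICATION_FAILED"}
    # Accepted exchange: the reply carries the responder's identity.
    # With must_reject=False this also covers the downgrade case.
    return {"IDr": RESPONDER_ID, "AUTH": "responder-auth-data"}
```

With `must_reject=False` the reply to a NULL-auth request from a configured range is identical to a normal accept and includes `IDr`, which is the identity disclosure the question is about.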