Re: [IPsec] Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-auth-announce-09: (with COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Thu, 11 April 2024 13:58 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Valery Smyslov <svan@elvis.ru>, 'The IESG' <iesg@ietf.org>
CC: "draft-ietf-ipsecme-ikev2-auth-announce@ietf.org" <draft-ietf-ipsecme-ikev2-auth-announce@ietf.org>, "ipsecme-chairs@ietf.org" <ipsecme-chairs@ietf.org>, "ipsec@ietf.org" <ipsec@ietf.org>, "kivinen@iki.fi" <kivinen@iki.fi>
Date: Thu, 11 Apr 2024 13:57:53 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/q9Q_goPZCxTEr9AEfjn6jfDT-88>

Thank you, Valery, for the prompt reply.

See below for EVY>

Regards

-éric

From: Valery Smyslov <svan@elvis.ru>
Date: Thursday, 11 April 2024 at 15:23
To: Eric Vyncke (evyncke) <evyncke@cisco.com>, 'The IESG' <iesg@ietf.org>
Cc: draft-ietf-ipsecme-ikev2-auth-announce@ietf.org <draft-ietf-ipsecme-ikev2-auth-announce@ietf.org>, ipsecme-chairs@ietf.org <ipsecme-chairs@ietf.org>, ipsec@ietf.org <ipsec@ietf.org>, kivinen@iki.fi <kivinen@iki.fi>
Subject: RE: Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-auth-announce-09: (with COMMENT)

Hi Éric,

thank you for your comments, please see inline.

> Éric Vyncke has entered the following ballot position for
> draft-ietf-ipsecme-ikev2-auth-announce-09: No Objection
>
> When responding, please keep the subject line intact and reply to all email
> addresses included in the To and CC lines. (Feel free to cut this introductory
> paragraph, however.)
>
>
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-auth-announce/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
> # Éric Vyncke, INT AD, comments for draft-ietf-ipsecme-ikev2-auth-announce-09
>
> Thank you for the work put into this document.
>
> Please find below some non-blocking COMMENT points (but replies would be
> appreciated even if only for my own education), and some nits.
>
> Special thanks to Tero Kivinen for the shepherd's detailed write-up including
> the WG consensus and the justification of the intended status.
>
> I hope that this review helps to improve the document,
>
> Regards,
>
> -éric
>
> # COMMENTS (non-blocking)
>
> ## Abstract
>
> As the I-D is about authentication methods, I wonder whether `with multiple
> different credentials` is the right wording, should it rather be "different
> authentication methods" ? (of course with some text repetition).

I believe "different credentials" may include "different authentication methods"?
There may also be some subtleties. For example, consider the situation
when a user has 2 certificates: RSA and ECDSA. In this case he/she has
different credentials, but from IKEv2 point of view, both use the same
authentication method, "Digital Signature", with different signature algorithms.

I make the following change:
s/multiple different credentials/multiple credentials of different type

Is this better?
EVY> I think so



> ## Section 3.1
>
> `Regardless of whether the notification is received,` maybe I am misreading
> this, but why would the responder send the notification if the initiator does
> not care anyway ?

The responder doesn't know if the initiator cares or not.
There is no negotiation of this feature, each party just makes up its mind
whether to send and whether to process this notification (if it is ever supported).

EVY> sure it will work like described in the I-D, but I find it really weird that the initiator does not send its own list.

> ## Section 3.2
>
> While the readers may guess some details, let's be clear in a proposed
> standard I-D:
>
> 1) `Notification Data field` does not appear in figure 4
> 2) role of C flag and its value
> 3) value of Protocol ID
> 4) saying that reserved field must be set to 0 by sender and ignored on the
> receiver

There is a reference to Section 3.10 of RFC 7296, which contains
details of how a generic payload header should be filled in.
The Protocol ID and SPI Size values are defined in this document (zero).

EVY> I am off-line now so cannot check in the I-D whether the reference is there. But, may I suggest to state somewhere that the fields C/protocol id/reserved are specified in RFC 7296 ?


What about 1), well, the "Notification Data" is the generic name
of this field in the Notify Payload. Its content depends on the type of the notify message.
I quickly scanned other RFCs which defined new notifications and they all
renamed the "Notification Data" to some name specific to the
type of notification. So, to avoid confusion, I changed the text as follows:

s/The Notification Data field/ Notification data

Hope this eliminates the possible confusion.

EVY> this would help indeed


> ## Section 3.2.1
>
> Let's be crisp and specify that the length is in octets.

Done.

> Is there a registry for authentication method ? or should this specification be
> updated for every new authentication method ?

https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-12

EVY> may I suggest to add a reference to this registry (again off-line and cannot check)


I hope not, but I cannot predict how IKEv2 would be tweaked in the future :-)

> # NITS (non-blocking / cosmetic)
>
> ## Section 1
>
> The last sentence of the 2nd paragraph is rather long and I think that "that"
> should be used in `the peer which supports wider range of`.

Thank you, I've always been mixing up when to use "which" or "that" :-)

I changed s/which/that

EVY> ;-) I had to learn it myself (not easy for a non-English speaker)


> ## Section 3.2.1
>
> Missing closing parenthesis in the last paragraph.

Fixed.

Regards,
Valery.
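
The Notify payload fields raised in the Section 3.2 and 3.2.1 exchange above (C flag, reserved bits, Protocol ID, SPI Size, length in octets), shown as an added example that is not part of the thread or the draft: a receiver-side parser following the Notify payload layout of RFC 7296, Section 3.10. The names `parse_notify` and `NotifyError`, the `require_zero_proto_spi` switch and the sample bytes (including notify type 40960) are constructed for illustration.

```python
import struct

FIXED_LEN = 8  # 4-octet generic payload header + 4 octets of Notify fields


class NotifyError(ValueError):
    """Raised when a Notify payload is malformed (hypothetical helper type)."""


def parse_notify(buf: bytes, require_zero_proto_spi: bool = True) -> dict:
    """Parse one Notify payload laid out as in RFC 7296, Section 3.10."""
    if len(buf) < FIXED_LEN:
        raise NotifyError("shorter than the fixed Notify header")
    next_payload, flags, length, proto_id, spi_size, notify_type = \
        struct.unpack_from("!BBHBBH", buf)
    # Payload Length is in octets and includes the generic header itself.
    if length < FIXED_LEN + spi_size or length > len(buf):
        raise NotifyError("Payload Length inconsistent with buffer or SPI Size")
    # The thread says this notification uses Protocol ID 0 and SPI Size 0.
    if require_zero_proto_spi and (proto_id != 0 or spi_size != 0):
        raise NotifyError("Protocol ID and SPI Size must both be zero")
    return {
        "next_payload": next_payload,
        "critical": bool(flags & 0x80),
        # RESERVED bits: zero on send, ignored on receipt, so never rejected.
        "reserved": flags & 0x7F,
        "notify_type": notify_type,
        "spi": buf[FIXED_LEN:FIXED_LEN + spi_size],
        "data": buf[FIXED_LEN + spi_size:length],
    }


# Constructed sample: type 40960 is an arbitrary value, data is three octets.
SAMPLE = bytes.fromhex("0000000b0000a000010203")

if __name__ == "__main__":
    print(parse_notify(SAMPLE))
```

The notification data is sliced by Payload Length rather than by buffer size, so octets belonging to a following payload are never read as part of this one.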