[IPsec] Stephen Farrell's Yes on draft-ietf-ipsecme-ikev2-null-auth-06: (with COMMENT)
"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Wed, 27 May 2015 07:43 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72E5D1A88F9; Wed, 27 May 2015 00:43:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HNewoZuU2K2P; Wed, 27 May 2015 00:43:33 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E74D41A88D2; Wed, 27 May 2015 00:43:32 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.0.3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150527074332.5286.73511.idtracker@ietfa.amsl.com>
Date: Wed, 27 May 2015 00:43:32 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/rWFtHgm-8FlxMMExN2zxxA0SUX8>
Cc: ipsecme-chairs@ietf.org, paul.hoffman@vpnc.org, ipsec@ietf.org, draft-ietf-ipsecme-ikev2-null-auth.ad@ietf.org, draft-ietf-ipsecme-ikev2-null-auth.shepherd@ietf.org, draft-ietf-ipsecme-ikev2-null-auth@ietf.org
Subject: [IPsec] Stephen Farrell's Yes on draft-ietf-ipsecme-ikev2-null-auth-06: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 May 2015 07:43:34 -0000
Stephen Farrell has entered the following ballot position for draft-ietf-ipsecme-ikev2-null-auth-06: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-null-auth/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- - 2.1: just wanted to check as I didn't have time to go through it all myself - are we confident that using SK_pi/SK_pr in this way has no cryptographic downsides? The reference to the EAP methods convinces me this is no worse than an existing thing, but not (by itself) that it is cryptographically sound, so I just wanted to check as I think prf(SK_pr,IDr') has until now been calculated but not transmitted, so there's a tiny change here maybe, but as I said I didn't have time to fully check. If someone just tells me that yes, the authors/wg did consider this, that'll be fine, no need to fully explain to me why using SK_pr like this is safe (though if you want to, that'd be fine too). - 2.5: "hand out" is an odd phrase here - would be better to expand on that I think and say more precisely what should never be done.
- [IPsec] Stephen Farrell's Yes on draft-ietf-ipsec… Stephen Farrell
- Re: [IPsec] Stephen Farrell's Yes on draft-ietf-i… Valery Smyslov
- Re: [IPsec] Stephen Farrell's Yes on draft-ietf-i… Paul Wouters
- Re: [IPsec] Stephen Farrell's Yes on draft-ietf-i… stephen.farrell