IETF Logo Mail Archive

Re: [IPsec] Working group last call for the draft-nir-ipsecme-eddsa-00

David Schinazi <dschinazi@apple.com> Thu, 09 February 2017 17:21 UTC

Return-Path: <dschinazi@apple.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2F2A129C07 for <ipsec@ietfa.amsl.com>; Thu, 9 Feb 2017 09:21:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.188
X-Spam-Level:
X-Spam-Status: No, score=-6.188 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-1.887, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5bg2Ym6BoXNL for <ipsec@ietfa.amsl.com>; Thu, 9 Feb 2017 09:21:26 -0800 (PST)
Received: from mail-in6.apple.com (mail-out6.apple.com [17.151.62.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D98A129485 for <ipsec@ietf.org>; Thu, 9 Feb 2017 09:21:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=apple.com; s=mailout2048s; c=relaxed/simple; q=dns/txt; i=@apple.com; t=1486660886; h=From:Sender:Reply-To:Subject:Date:Message-id:To:Cc:MIME-version:Content-type: Content-transfer-encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-reply-to:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Ms9HGjzW7Kc8o4Q5cClx4kmJ3hosxwsnhnJhT9DrN08=; b=ucqUXo6rQUZg0ucJXGq5IS7QyGnIpsQ/fsH/8dRTqZslbfo477ibMbIPpP2QglWC 0KNTbKruaWxr8Jb3HYizk976JRTcvUQ/qzWVqoP9N4KxAQICGKVuHa3iKLU8bXJY HOQSxtZsFcv/y/UxTTR8XfIi5fc/yeAuFQSg8tBZsEBKbSCcyyA996ErEC3fsjqA DQQGuHj0GC1VUEwQboo1YoGHDxBjjze3WAwWBwGVpHDJiriM4KuJMYjt3ddSnZTt iMDHABMVWbDDal+oPD5WU/HpYvYXxy2gF68uozUTTCEh/ka+P7sFnAw6qEUDCW+t Dpqf+vdXivtEC99QhkVI5w==;
Received: from relay3.apple.com (relay3.apple.com [17.128.113.83]) by mail-in6.apple.com (Apple Secure Mail Relay) with SMTP id 0F.67.09465.615AC985; Thu, 9 Feb 2017 09:21:26 -0800 (PST)
X-AuditID: 11973e15-360719a0000024f9-ed-589ca5164202
Received: from nwk-phonehomebzp-sz01 (nwk-phonehomebzp-sz01.apple.com [17.151.62.64]) by relay3.apple.com (Apple SCV relay) with SMTP id 8F.1E.20093.515AC985; Thu, 9 Feb 2017 09:21:26 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; CHARSET="US-ASCII"
Received: from [17.153.48.158] (unknown [17.153.48.158]) by nwk-phonehomebzp-sz01.apple.com (Oracle Communications Messaging Server 8.0.1.2.0 64bit (built Dec 14 2016)) with ESMTPSA id <0OL400AFOAVGV050@nwk-phonehomebzp-sz01.apple.com>; Thu, 09 Feb 2017 09:21:25 -0800 (PST)
Sender: dschinazi@apple.com
From: David Schinazi <dschinazi@apple.com>
In-reply-to: <B06891DE-4F9C-4506-940F-E2CEF76000D2@nohats.ca>
Date: Thu, 09 Feb 2017 09:21:21 -0800
Message-id: <B78F87A2-E8A4-4E83-B5C7-9A6FBD3ECCD4@apple.com>
References: <22683.8182.349840.103676@fireball.acr.fi> <D28C9CC6-FD00-4A42-8451-F9B0AA83E4BF@apple.com> <22684.25414.470545.969594@fireball.acr.fi> <1F3EB5DA-3BF3-45CD-A31E-3D170B5B4F01@apple.com> <B06891DE-4F9C-4506-940F-E2CEF76000D2@nohats.ca>
To: Paul Wouters <paul@nohats.ca>
X-Mailer: Apple Mail (2.3251)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrMLMWRmVeSWpSXmKPExsUi2FAYrCu2dE6EwdzFvBb7t7xgszh6/jmb xftbl5gcmD2WLPnJ5HH460IWj+/zmAKYo7hsUlJzMstSi/TtErgyujousxQckK040nSKsYFx hXgXIyeHhICJxLV9/5m6GLk4hAT2MkocanvBDpOYs6SHDSJxjFFiwv4OFpAEr4CgxI/J94Bs Dg5mAXmJg+dlQcLMAloS3x+1skDUz2KSWLByNVi9sIC0RNeFu6wQtr/E5WU7GUF62YAaDqwx AglzCthKnF75hgnEZhFQlfi7aws7xPhgiUdLTCC22kh0fP7BDDH+L6PE8/nTGEESIgKKEpPO PGKBuFlW4tPzn+wgRRICB9gkDl/dxDiBUXgWkrNnIZw9C8nZCxiZVzEK5SZm5uhm5pnpJRYU 5KTqJefnbmIEhfp0O9EdjGdWWR1iFOBgVOLhfVkzJ0KINbGsuDL3EKM0B4uSOK+EycwIIYH0 xJLU7NTUgtSi+KLSnNTiQ4xMHJxSDYw1B4Nmi6Re3zglwdDwwsk6qcBTCy9+aZa9+dRmjeOi 5kclLPM3X0uJrHgy/yhP2dOii0wXGxpPsa66weAU7bX4R8Jhu40bXGRz3zL+urZf9MjD0yGJ YRcUFsYU3v+WWRZ1WeTPzpLZBUod8heO8siaxLrW3Sn1c3usv/V5Y5O59ZQrARPvTN+rxFKc kWioxVxUnAgA4OFm0VYCAAA=
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupikeLIzCtJLcpLzFFi42IRnG7noCu2dE6EwZO3rBb7t7xgszh6/jmb xftbl5gcmD2WLPnJ5HH460IWj+/zmAKYo7hsUlJzMstSi/TtErgyujousxQckK040nSKsYFx hXgXIyeHhICJxJwlPWwQtpjEhXvrgWwuDiGBY4wSE/Z3sIAkeAUEJX5Mvgdkc3AwC8hLHDwv CxJmFtCS+P6olQWifhaTxIKVq8HqhQWkJbou3GWFsP0lLi/byQjSywbUcGCNEUiYU8BW4vTK N0wgNouAqsTfXVvYIcYHSzxaYgKx1Uai4/MPZojxfxklns+fxgiSEBFQlJh05hELxM2yEp+e /2SfwCg4C8mlsxAunYXk0gWMzKsYBYpScxIrjfUSCwpyUvWS83M3MYJCtqEweAfjn2VWhxgF OBiVeHgnVM2JEGJNLCuuzD3EKMHBrCTCO28RUIg3JbGyKrUoP76oNCe1+BBjMtD9E5mlRJPz gfGUVxJvaGJiYGJsbGZsbG5iTpqwkjiv5/4ZEUIC6YklqdmpqQWpRTBbmDg4pRoYbVtX2LTf jPh7SlZM33HDameXVfdbPLkNP0jdmCW81udvLssO3q93kosPH7+3t9/drvzG/RhrDe6Pr3fG GHzuurbqbYPTyvUxzRcmin2b19pgJPd+3vJVG6ZVx+ss7jv3+f2bux4r9i6fuXCy5LKFeQdk /oanTXXRXjO/wW/lnjC7l7dPXFoi2KDEUpyRaKjFXFScCABnuwfcnQIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/sU0ckG88rVm2rbS0tOItjYgPLUs>
Cc: ipsec@ietf.org, Tero Kivinen <kivinen@iki.fi>, Tommy Pauly <tpauly@apple.com>
Subject: Re: [IPsec] Working group last call for the draft-nir-ipsecme-eddsa-00
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Feb 2017 17:21:28 -0000

Based on these arguments, I agree that a new value (5) is preferable to 0.

David


> On Feb 9, 2017, at 08:57, Paul Wouters <paul@nohats.ca> wrote:
> 
> Yes I forgot to reply. I strongly object to assigning 0 for real values. It should be left for implementations to detect a value has not been set.
> 
> Paul
> 
> Sent from my iPhone
> 
>> On Feb 9, 2017, at 11:12, Tommy Pauly <tpauly@apple.com> wrote:
>> 
>> Thanks for sending out the corrected draft name, Tero. I think this draft is in good shape in general and we should move forward with it.
>> 
>> The only thing that seems to need ironing out is the specific IANA hash value. I can see the argument either way: as the draft points out, 0 makes sense for the Identity hash, since it can be viewed as "no hash at all". However, I agree with your point that 0 may often be used in code to indicate an uninitialized value. I would be concerned if existing implementations flagged 0 as an error, here, as well.
>> 
>> I think it would make sense to do a quick poll of the WG to get some consensus on this. At this point, I'm mildly in favor of a new value (5).
>> 
>> Thanks,
>> Tommy
>> 
>>> On Feb 9, 2017, at 4:40 AM, Tero Kivinen <kivinen@iki.fi> wrote:
>>> 
>>> Ah I noticed that my last call email had wrong draft name in the
>>> subject line and in the link. The correct draft name is of course
>>> draft-ietf-ipsecme-eddsa-00 not *-nir-* version.
>>> 
>>> David Schinazi writes:
>>>> I've reviewed this draft. I support it and believe it is ready to move forward
>>>> towards becoming a standards-track RFC. Also, would it make sense to ask
>>>> IANA for early assignment of the code point? Using 0 sounds reasonable to me.
>>> 
>>> As this is expert review registry there is no need to ask for early
>>> allocation, the normal process is just to fill in the IANA general
>>> request for assignments, which then goes to the IANA and they will
>>> then send it to the expert (me) for verification.
>>> 
>>> If normal number (other than 0) would be given out, then I would just
>>> say yes, but allocating 0, which in registry is marked as:
>>> 
>>>   0    Reserved    [RFC7427]
>>> 
>>> and is not part of the :
>>> 
>>>   5-1023    Unassigned
>>> 
>>> range, then I would be bit more hesitant to give it out, and would
>>> most likely want to poll the WG and list before making decision.
>>> 
>>> I actually myself think it would be better to just allocate next free
>>> number from the unassigned space, and keep the value 0 as reserved...
>>> 
>>> For example we do not use value 0 of Encryption Algorithms transform
>>> to mean ENCR_NULL, we do have separate number allocated for it. On the
>>> other hand we do have value 0 meaning NONE in the Integrity algorithm
>>> transform ID table and for diffie hellman values, but there the
>>> meaning is bit different, it means there is no value for that id, here
>>> it would be meaning that there is this identity function version of
>>> the hash function. 
>>> 
>>> As an expert and as a implementor I think I would prefer next free
>>> number over 0... Quite commonly in the code we use value 0 as meaning,
>>> we have not yet received anything, or we have not yet initialized this
>>> field, and having separate value for identity function might make
>>> things easier. But if others have good reasons why the value 0 is
>>> better, feel free to tell me...
>>> -- 
>>> kivinen@iki.fi
>>> 
>>> _______________________________________________
>>> IPsec mailing list
>>> IPsec@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ipsec
>> 
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec
>

v2.23.0 | Report a Bug | By Email