Re: [IPsec] Some comments to the draft-ietf-ipsecme-qr-ikev2-01.txt
"Valery Smyslov" <smyslov.ietf@gmail.com> Wed, 07 February 2018 07:41 UTC
Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4905E1201FA; Tue, 6 Feb 2018 23:41:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.2
X-Spam-Level:
X-Spam-Status: No, score=-1.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tOpeYM_6hG82; Tue, 6 Feb 2018 23:41:29 -0800 (PST)
Received: from mail-lf0-x22b.google.com (mail-lf0-x22b.google.com [IPv6:2a00:1450:4010:c07::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5119C1200C1; Tue, 6 Feb 2018 23:41:29 -0800 (PST)
Received: by mail-lf0-x22b.google.com with SMTP id a204so6451180lfa.2; Tue, 06 Feb 2018 23:41:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-transfer-encoding:thread-index :content-language; bh=y68hDmTNgCm1+fZeguVBx0sm1upQit5JqMtWJDSbOYE=; b=mP62dm7tIXPhoyyK2qfvYd8O6eWcS5nTIn5FiA8+WgKewxbFIR2X8+crdO1KzTE5dk 1+CrCBtwKtKvXUXbpT5Qz9QiRGR43+hhwUw2qLKH2B8b05aQaz5NblUeyBp1pUaPnpF7 6yzYlFLjbOolf1Of4dQ0DsvBKbZWdW1ctWrN4PPSxbePCaoPvdULBpOCUzpMHjIkGFdH 4dmrdCN190uFwPAYp1IR+t6y8SRB1GGorqjq2ZW27ekpifo6UsVC9laqPn0QV3eFOGgO F9sYRWCROErGsuTwL0OVu6W0kjAcxgn0kan1UIEcGBQLJ848ztVe+hfMqmneaM7mE48f Eg/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=y68hDmTNgCm1+fZeguVBx0sm1upQit5JqMtWJDSbOYE=; b=YLlmGBtTK+whV5Dc8NqM4UHAGJl+aT3Ux8YmJT+M3guhSc7V0qdbJbSHfTKdbl29lr pLXC7Pjr2FVQC0cu9A0WKJdEoGcK/qT9tlZAGpLopm+YLNssclUSu0deHDux7K4uqMZX RRUlPlNQAKQT8cGxEk3ft+ZQul13jXIIz+ibeZHybZZzHRs14Xz9kNhYQudME4H+31VZ 6O1+JIz2PzH3gElf4RfzX/3/5alWCDzKpRUUxpoi56ll07RLyYlwQfEBMHTLRWDj3OeY AP5tgalmsYbufg0CMSVEme9CYYxm1MBvK4+nGB3AY/+zCz3l4RuFV/oXB6dr2QTcMPrZ Ao8g==
X-Gm-Message-State: APf1xPANfKOPCVYibS16i2cG2hmr69Dx3+QyRkcyuLn0/U0Pg0F47fxn zXAgBPLvCDW3B8gCkr1kdYU6+A==
X-Google-Smtp-Source: AH8x227Zz40RqWdiBPB2BMMqrh72yiWVTMOVCE1eHOQWDB2ab9MQnDCxkNjWISBrAzpk/KI7JinV7A==
X-Received: by 10.25.193.204 with SMTP id r195mr3582973lff.37.1517989287295; Tue, 06 Feb 2018 23:41:27 -0800 (PST)
Received: from buildpc ([82.138.51.4]) by smtp.gmail.com with ESMTPSA id r132sm193642lfe.9.2018.02.06.23.41.26 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 06 Feb 2018 23:41:26 -0800 (PST)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Tero Kivinen' <kivinen@iki.fi>, draft-ietf-ipsecme-qr-ikev2@ietf.org
Cc: ipsec@ietf.org
References: <23161.59190.256739.684496@fireball.acr.fi>
In-Reply-To: <23161.59190.256739.684496@fireball.acr.fi>
Date: Wed, 07 Feb 2018 10:41:30 +0300
Message-ID: <06f101d39fe7$122a2510$367e6f30$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFXTNySIUYc4nTAbmWzAAQaPUqdraSRM2Hg
Content-Language: ru
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/szjXI7t9DgKufaoP8wEbA6_PKUM>
Subject: Re: [IPsec] Some comments to the draft-ietf-ipsecme-qr-ikev2-01.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2018 07:41:31 -0000
Hi Tero, thank you for the found typos and leftovers. We'll fix them in the next version (there are also a couple clarifications that we want to add to the document). Regards, Valery. > While approving the IANA expert request for this document I noticed > some things that might require some fixes to the draft: > > -- > > In section 1.1 (which will be removed) there is typo in PPK_SUUPORT. > > -- > > In section 3 it would be better to use the same format than what is > used in the RFC7296 when using notify payloads with data in it, i.e. > replace > > N(PPK_IDENTITY)(PPK_ID) > > with > > N(PPK_IDENTITY, PPK_ID) > > (see example use in RFC7296 section 2.8.1 or RFC5685). > > -- > > In section 4 there is text saying: > > If the responder has not been upgraded and properly configured, > they will both realize it, and in that case, the link will be > quantum secure. > > I think there is something wrong with that. If the responder is not > upgraded, then link will not be quantum safe. Same if it is not > properly configured. I think it is trying to say that "If the > responder has been upgraded and ..." > > -- > > In appendix A there is text saying: > > By limiting our changes to notifications, and translating the > nonces, it is hoped that this would be implementable, even on > systems that perform much of the IKEv2 processing is in hardware. > > I think the text "translating the nonces" is leftover from old design > and should be changed to reflect the fact that this now changes the > SK_d, SK_pi and SK_pr. > > -- > kivinen@iki.fi > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] Some comments to the draft-ietf-ipsecme-q… Tero Kivinen
- Re: [IPsec] Some comments to the draft-ietf-ipsec… Valery Smyslov