Re: [IPsec] Last Call: <draft-kivinen-ipsecme-secure-password-framework-01.txt> (Secure Password Framework for IKEv2) to Informational RFC

"Dan Harkins" <dharkins@lounge.org> Sat, 30 July 2011 18:47 UTC

To: Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: IPsecme WG <ipsec@ietf.org>, Dan Harkins <dharkins@lounge.org>

  Hi Yaron,

On Fri, July 29, 2011 2:47 pm, Yaron Sheffer wrote:
> Hi Dan,
>
> there are three drafts on the table, and they are NOT identical. Crypto
> protocols, as you know well, are a mixture of cryptography and
> engineering. While the engineering on all three is very similar, the
> cryptography is not.

  I didn't say the cryptography was identical, nor did I say the drafts
are identical (if they were then this "controversy" would be even more
contrived!).

  What I meant was that if your original opposition to my draft was
technical (or non-political, as you say) then we would've seen some
demonstrable technical difference in 1 of the 3 new drafts. We didn't.
They all do a zero knowledge proof in about the same number of rounds
(adding one to IKE_AUTH) with about the same amount of work (+- a modular
exponentiation). They all achieve the same goal in approximately the
same amount of messages with approximately the same amount of work.

  If there was an obvious demonstrable technical difference between the
drafts then the WG would've picked a winner or the AD would've picked
a winner or his designated expert would've picked a winner. But we have
no winner so, as I said, they are "effectively _identical_ from a
technical point of view."

  So there wasn't a technical reason for you to do what you did. We
could've had a standards track solution to this work item if you had
just treated my draft in the same way you treated your own. But no. We
have 3 drafts, an implementation problem, and now your opposition to a
draft to lessen that problem as much as possible.

> I do not wish to offend, but I believe cryptography is better left to
> professional cryptographers. I am not a cryptographer; the primary
> author of draft-kuegler-ipsecme-pace-ikev2 is.

  I'm not offended because I'm not a cryptographer and have never said
otherwise. But neither are any of the editors of the IKEv2 draft and I
don't remember your opposition to the advancement of that draft to RFC.

  Dan.