Re: [IPsec] WG adoption call for draft-smyslov-ipsecme-ikev2-auth-announce

Valery Smyslov <smyslov.ietf@gmail.com> Tue, 09 November 2021 10:44 UTC

From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Paul Wouters' <paul@nohats.ca>, 'Tero Kivinen' <kivinen@iki.fi>
Cc: ipsec@ietf.org
References: <24969.12694.458121.62453@fireball.acr.fi> <b4daaaf-4547-b0f9-2b6b-7b6793ac7460@nohats.ca>
In-Reply-To: <b4daaaf-4547-b0f9-2b6b-7b6793ac7460@nohats.ca>
Date: Tue, 09 Nov 2021 13:44:23 +0300
Message-ID: <006701d7d556$c2a47320$47ed5960$@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/ug4Uq4K3HHiQpzmdkSlLrUag7os>

Hi Paul,

> On Mon, 8 Nov 2021, Tero Kivinen wrote:
> 
> >     draft-smyslov-ipsecme-ikev2-auth-announce
> >
> > This is the start of 2 week WG adoption call for this document, ending
> > 2021-11-22. Please send your reply about whether you support adopting
> > this document as WG document or not.
> 
> I support working on the idea. 

Thank you.

> I am not sure if this document, in its current form, properly
> conveys the differences between supported, accepted and
> unsupported, rejected. This is especially tricky on the
> responder side, which does not yet know the ID of the peer and cannot
> look up configuration details yet.

The responder already has to deal with this problem:
it sends CERTREQ in the IKE_SA_INIT with the list of CAs
before it knows the initiator's ID. The same is true for the
SIGNATURE_HASH_ALGORITHMS notify. So, the problem is not new and
the draft doesn't make the responder's choice of what to send
more tricky than it is now.

> Also, as we have been merging authentication methods into the RFC 7427
> digital signature format, it is unclear to me how we can convey some
> of these parameters using existing IANA registries, since the whole
> point here was that we didn't need to create and maintain one. E.g., if we
> support or allow EdDSA or some new signature algorithm, we might not
> have any IANA registry for it, and just stating "we support RFC 7427"
> does not solve the actual problem.

The draft relies on AlgorithmIdentifier ASN.1 objects, which must exist
for any new signature algorithm. They are assigned and maintained
outside the IKEv2 IANA registries.

Regards,
Valery.

> Paul