Re: [IPsec] Last Call: <draft-kivinen-ipsecme-signature-auth-06.txt> (Signature Authentication in IKEv2) to Proposed Standard
Tero Kivinen <kivinen@iki.fi> Mon, 25 August 2014 12:42 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3808F1A9083 for <ipsec@ietfa.amsl.com>; Mon, 25 Aug 2014 05:42:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.789
X-Spam-Level:
X-Spam-Status: No, score=-1.789 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668, SPF_NEUTRAL=0.779] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 160vc14yy0AL for <ipsec@ietfa.amsl.com>; Mon, 25 Aug 2014 05:42:29 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C244F1A9082 for <ipsec@ietf.org>; Mon, 25 Aug 2014 05:42:28 -0700 (PDT)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.8/8.14.8) with ESMTP id s7PCgPbN027260 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 25 Aug 2014 15:42:25 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.8/8.14.8/Submit) id s7PCgPFM017386; Mon, 25 Aug 2014 15:42:25 +0300 (EEST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <21499.12081.402882.766863@fireball.kivinen.iki.fi>
Date: Mon, 25 Aug 2014 15:42:25 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Johannes Merkle <johannes.merkle@secunet.com>
In-Reply-To: <53FB27BE.2010504@secunet.com>
References: <20140701161112.18036.94027.idtracker@ietfa.amsl.com> <53B6BA3F.40509@secunet.com> <21452.4707.784185.458764@fireball.kivinen.iki.fi> <53D225B4.2030508@secunet.com> <53FB27BE.2010504@secunet.com>
X-Mailer: VM 8.2.0b under 24.3.1 (x86_64--netbsd)
X-Edit-Time: 6 min
X-Total-Time: 6 min
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/vzwVJlPGAmRGD0JLjaeloXDKUJg
Cc: ipsec@ietf.org
Subject: Re: [IPsec] Last Call: <draft-kivinen-ipsecme-signature-auth-06.txt> (Signature Authentication in IKEv2) to Proposed Standard
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Aug 2014 12:42:31 -0000
Johannes Merkle writes: > you haven't responded to my objection yet. Please let me know if you > think that I am mistaken; otherwise the example > should be corrected. I have not have time to come back to this draft yet, I was still supposed to be on vacation for last week and this week, but I had to get back to get the RFC5996bis stuff going, so thats why I have been trying to concentrate on that. Yes, I think you are right that the change I made in there might not be correct. I need to try to parse the RFCs more to try to find out how the RSASSA-PSS parameters are supposed to be included. There is also cases that inside the parameters there is hash and mgf algorithms, which have parameters and they have again different rules whether they needs to be include, absent etc... The RSASSA-PSS is so complicated that getting things right seems to require multiple readings of the RFCs to parse everything right :-) Luckily all this text is non-normative, the implementors are supposed to be reading the other RFCs for real specifications, but that does not mean we can write anything that is wrong here either... -- kivinen@iki.fi
- [IPsec] Last Call: <draft-kivinen-ipsecme-signatu… The IESG
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sig… Johannes Merkle
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sig… Tero Kivinen
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sig… Johannes Merkle
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sig… Johannes Merkle
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sig… Tero Kivinen
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sig… Tero Kivinen
- Re: [IPsec] Last Call: <draft-kivinen-ipsecme-sig… Johannes Merkle