Re: [IPsec] AD review of draft-ietf-ipsecme-qr-ikev2-08

Tero Kivinen <kivinen@iki.fi> Fri, 08 November 2019 00:36 UTC

Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B36C61201B7 for <ipsec@ietfa.amsl.com>; Thu, 7 Nov 2019 16:36:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.42
X-Spam-Level:
X-Spam-Status: No, score=-3.42 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xw1C7iOJI3yf for <ipsec@ietfa.amsl.com>; Thu, 7 Nov 2019 16:36:35 -0800 (PST)
Received: from fireball.acr.fi (fireball.acr.fi [83.145.195.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09B62120018 for <ipsec@ietf.org>; Thu, 7 Nov 2019 16:36:35 -0800 (PST)
Received: by fireball.acr.fi (Postfix, from userid 15204) id CACE725C177B; Fri, 8 Nov 2019 02:36:32 +0200 (EET)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <24004.47248.804169.798841@fireball.acr.fi>
Date: Fri, 08 Nov 2019 02:36:32 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: Paul Wouters <paul@nohats.ca>
Cc: Valery Smyslov <svan@elvis.ru>, "ipsec@ietf.org WG" <ipsec@ietf.org>
In-Reply-To: <alpine.LRH.2.21.1911060940430.10926@bofh.nohats.ca>
References: <20191105023831.GH55993@kduck.mit.edu> <058d01d593e5$0be7eb80$23b7c280$@elvis.ru> <20191105195939.GH61969@kduck.mit.edu> <alpine.LRH.2.21.1911051731400.15597@bofh.nohats.ca> <06de01d59477$97f347e0$c7d9d7a0$@elvis.ru> <alpine.LRH.2.21.1911060940430.10926@bofh.nohats.ca>
X-Mailer: VM 8.2.0b under 26.3 (x86_64--netbsd)
X-Edit-Time: 4 min
X-Total-Time: 3 min
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/wRBVaS9a1YCOPPapmlzH7To9Fcw>
Subject: Re: [IPsec] AD review of draft-ietf-ipsecme-qr-ikev2-08
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Nov 2019 00:36:37 -0000

Paul Wouters writes:
> On Wed, 6 Nov 2019, Valery Smyslov wrote:
> 
> > Do you think the current diagrams are confusing?
> 
> Yes. Because often I go back to RFCs and only look at the diagrams
> expecting it to be what I need to implement. So for optional/required
> payloads, I would mostly look at the diagram, and perhaps read a bit
> of text.

That is the reason we added Appendix C to IKEv2.

So my proposal is to leave the exchanges inside the text as they are,
but add a new Appendix that has the different exchanges including the
optional payloads.

> >> That is, the diagrams should represent the state machine, not an
> >> example of the state machine.
> >
> > Hmmmm... It's an open question :-) As a counter-example,
> > the EAP and non-EAP case of IKEv2 are not shown
> > on the same diagrams - these are different diagrams,
> > however the state machine for IKE_AUTH is the same.
> 
> Sure.

In RFC7296 Appendix C we do have C.2 IKE_AUTH Exchange without EAP,
and C.3 IKE_AUTH Exchange with EAP. And I would say that the state
machine for IKE_AUTH is different for them, while the state machine for
IKE_SA_INIT is the same for both and is not included in C.2 or C.3; both
of them use the IKE_SA_INIT from C.1.
-- 
kivinen@iki.fi