Re: [IPsec] Preliminary minutes for the IPsecME meeting
"Valery Smyslov" <smyslov.ietf@gmail.com> Mon, 01 April 2019 13:03 UTC
Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07DA1120115 for <ipsec@ietfa.amsl.com>; Mon, 1 Apr 2019 06:03:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.499
X-Spam-Level:
X-Spam-Status: No, score=-0.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T4eT0s-oyMBH for <ipsec@ietfa.amsl.com>; Mon, 1 Apr 2019 06:03:40 -0700 (PDT)
Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D76A1120118 for <ipsec@ietf.org>; Mon, 1 Apr 2019 06:03:39 -0700 (PDT)
Received: by mail-wm1-x32e.google.com with SMTP id v14so11353231wmf.2 for <ipsec@ietf.org>; Mon, 01 Apr 2019 06:03:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:references:in-reply-to:subject:date:message-id:mime-version :content-transfer-encoding:thread-index:content-language; bh=wxCee+SBdy4vyclueAvmijT7/u8kou+yaal4LXJDjiY=; b=YEZjV++IrkpmX5qsh9C/rkyOZcARWsEV+rkkkrBO+Jvr/53nACNBKBQQ3bHtsuG5Q8 u+q90yLnpWm8t6zg/BXhSeJHWaTRKZ8rVl34kpP2QvQOztP0flk8jhN117aIiRTMH2+i DJpW9CTNNhXBid39RXlKq0GEeikhIqtC6PETCpBZYIVb58QKILTjAAX4suLb6EMaH8xe l1WkGnkutXN+neVEkdRGTZ3QtWSJHqGu0JyMIz3JQwPIh+phQdSQkbGt4WFkVNOJJU2e 8iRsXuM8ApxAZIJj/Y0SrZFIX8jUl3yItGrCX1WolbI1iD5cttgOoTlen26XJRaLth1d UBEw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=wxCee+SBdy4vyclueAvmijT7/u8kou+yaal4LXJDjiY=; b=S1jfQ6W9EpczgPgXLdmq+RENtHRQid1XwikH9PTEo5IAYIPlJmuJo9k8FrSU3/1MMe BmqhXJDbnXt1s5hwxulaLc5DO4WlgUW9nm+qr9ezhls3hCNzA1zSxLUcYqpO1bbQNP8u UelqO1VCvJTclwkBKuuDur2itTxaCivsNJgUpG0IGKI+os2n6nZS5bK0/mloU4VusESk pQZsfoifg3Ib/rWr+FcrJwHA/OO5FEg928EfdYsYvOtQraotH2nKaFSIDuBYGYOGqcF1 O82TmWqSA++dGtjr3CbwYl+e57wHUFy6PhRTt44TryAverVD1Lkd32nn+e5ez/vk7trr fMhg==
X-Gm-Message-State: APjAAAUCMOlpjdHeux9hfibqs45Y/nyi2fgte2ezpVw3IKNPrOBW9nd9 olLHcn0ee7F9bw1axwnFoSIwwaGnlqI=
X-Google-Smtp-Source: APXvYqzISOB+hNEj3uoZZfblr6KOvcZeRrajVZBEUzoaxcUsw0yh69QArBwOtvK8rZZ7e1OOsgCQVw==
X-Received: by 2002:a1c:c013:: with SMTP id q19mr12341997wmf.148.1554123818024; Mon, 01 Apr 2019 06:03:38 -0700 (PDT)
Received: from buildpc ([82.138.51.4]) by smtp.gmail.com with ESMTPSA id v16sm17170504wru.76.2019.04.01.06.03.35 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 01 Apr 2019 06:03:36 -0700 (PDT)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Paul Wouters' <paul@nohats.ca>, ipsec@ietf.org
References: <23708.62392.134470.902330@fireball.acr.fi> <0d678659-9be6-fe1f-600a-e9fa79f4db3c@nm.ifi.lmu.de> <alpine.LRH.2.21.1904010629020.25834@bofh.nohats.ca> <c61f8233-6c25-44ff-e537-28fa35e9c816@nm.ifi.lmu.de> <alpine.LRH.2.21.1904010743160.25834@bofh.nohats.ca> <0a5901d4e882$c42fda90$4c8f8fb0$@gmail.com> <alpine.LRH.2.21.1904010804370.25834@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.21.1904010804370.25834@bofh.nohats.ca>
Date: Mon, 01 Apr 2019 16:03:35 +0300
Message-ID: <0a7301d4e88b$5195ffb0$f4c1ff10$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJD+PU9r1T7ZsKwvuYC69+vJUzdJQHiZkqnAR/mIqkB/DD0CAHfaI4DAXIf3fACEjfViqT2B5iA
Content-Language: ru
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/xlnUYMZcF6bYh5luXxANJrGr7Rs>
Subject: Re: [IPsec] Preliminary minutes for the IPsecME meeting
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2019 13:03:42 -0000
> > The RFCs are always being published in serial :-) > > We have clusters :) That's not a problem, cluster members are well aware of each other :-) > > So, my idea that every new application RFC must define its relative > > order in regard to all already published application RFCs > > and whether piggybacking with each of them is allowed. > > Joking aside, I do feel it is important that the intermediate exchange > is a general concept, and should have the least amounts of hooks and > order of payloads or what not. I do not think it is a good idea to > insist on building a linked list of RFCs/payloads. The generic model of > IKE is payloads can be in any order. And if a payload won't fit in the > first intermediary exchange, it should be able to send it in the next > one without knowing anything about the other things going on. I don't like this, as this complicates responder's state machine. The responder should know what it would receive next (with some flexibility, of course). So, if initiator splits payload into several exchange, the responder must be prepared to this, so it must be stated in some application draft whether splitting this particular payload over several exchanges is OK and under what conditions. > Of course, there are exceptions, such as if we need QSKE before our new > imaginary payloads, but than those payloads might belong better in > IKE_AUTH. So, you still have to have some exceptions? I don't think we disagree in general. I'd only rather to avoid anarchy as much as possible. It doesn't mean that the order of intermediates must be fixed, it just must be specified what is OK and what isn't. So, if for some application it doesn't matter whether its data is sent first or last, it must be stated so. If for other the order is important, it also must be stated. If neither of published (so far) RFCs specifies ordering, you can perform exchanges in any order (as in your dream), if some specify, their order must be honored. Regards, Valery. > Paul > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] Preliminary minutes for the IPsecME meeti… Tero Kivinen
- Re: [IPsec] Preliminary minutes for the IPsecME m… mohamed.boucadair
- Re: [IPsec] Preliminary minutes for the IPsecME m… Tobias Heider
- Re: [IPsec] Preliminary minutes for the IPsecME m… Valery Smyslov
- Re: [IPsec] Preliminary minutes for the IPsecME m… mohamed.boucadair
- Re: [IPsec] Preliminary minutes for the IPsecME m… Paul Wouters
- Re: [IPsec] Preliminary minutes for the IPsecME m… Valery Smyslov
- Re: [IPsec] Preliminary minutes for the IPsecME m… Tobias Heider
- Re: [IPsec] Preliminary minutes for the IPsecME m… Paul Wouters
- Re: [IPsec] Preliminary minutes for the IPsecME m… Valery Smyslov
- Re: [IPsec] Preliminary minutes for the IPsecME m… Valery Smyslov
- Re: [IPsec] Preliminary minutes for the IPsecME m… Paul Wouters
- Re: [IPsec] Preliminary minutes for the IPsecME m… Valery Smyslov