Re: [IPsec] New Version Notification for draft-smyslov-ipsecme-ikev2-qr-alt-07.txt
Rebecca Guthrie <rmguthr@uwe.nsa.gov> Mon, 21 August 2023 21:25 UTC
Return-Path: <rmguthr@uwe.nsa.gov>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87E2CC14CF1A for <ipsec@ietfa.amsl.com>; Mon, 21 Aug 2023 14:25:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.008
X-Spam-Level:
X-Spam-Status: No, score=-3.008 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_GOV_DKIM_AU=-0.999, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uwe.nsa.gov
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y9zkT-CJEeHi for <ipsec@ietfa.amsl.com>; Mon, 21 Aug 2023 14:25:16 -0700 (PDT)
Received: from GCC02-BL0-obe.outbound.protection.outlook.com (mail-bl0gcc02on2074.outbound.protection.outlook.com [40.107.89.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD03EC14F74E for <ipsec@ietf.org>; Mon, 21 Aug 2023 14:25:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GoRxkY0KQiQ/rIM82MS/bbfg1/oVhj3XN1nOKU5c5e9OLPOVMJKA/cRY6wsOxQ2NA87SF8QEyVjdZdgtua1fGmbA08Zmbi/YSNbecum8Hm4Pjc+gHHlL/5GERGQ6OyuqLsDo0m0pMLs8mJdpRzvjKoWC+ow1PIHXR88pB1CAYcrdgl+alcccdjGCV9X1QLgNkppj+VdB2HkoxFvedpQx8bcYxtL5RFyspmk2J7gFzKcWPW3VEWUoKS2Vspd5D9/yPKFxJI/khGpULTkVWdcBXo98n5S+mjJgTeip/6TMg5QPhlRGZCFF6dX4ZGjoBmLvs+ObZfauxWwHefVIMUWLsA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WG7u2A7oMIMmNbEKDVe59ZWgqgHRS/Mh3T3sdm4e1Fg=; b=Wu3mPTE/h0/Mhugj3UeKb9I5oEAql0eLxufdGcPrO0Id5+tipwEpp0VfWV39XpO7Vb0BFbo8VoEP1hiGX/5Pgw1aHkAZrJEDTDi2iBn/pCKJxuEFtk/aOo6cA7HBrOUbMezJLqHCzOjFQHfT7zLULnPOIOA6KKaTA1Mbdskpx8ERcwDvvklkag4Z3MezMEEkMG2NQEtFW7QAIXVZ9TFU3KEiRvBYA8LUkutDlFCFqePpKD3a6Wb+THE1BqMPHympWJ9tf43opTrkQ/7gu1MGSJLMvOUxBB/iUVsRXI6ZIJv6y5mWTWT8lGOg4uVZA/EktjuhYWRbTpe7DWh2pxVK9Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uwe.nsa.gov; dmarc=pass action=none header.from=uwe.nsa.gov; dkim=pass header.d=uwe.nsa.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uwe.nsa.gov; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WG7u2A7oMIMmNbEKDVe59ZWgqgHRS/Mh3T3sdm4e1Fg=; b=EZme4g5rUq9JLNSROxMZuuVHKN/dX2d8dCVjUK8ryDyfz0mxVJU2gAlqY0GyCjkCndoIZ3T+Aj9jx1JPB/SfwUP3Lcaf0P8QaIAq55x6V1nDg/B8wi+jHOHDydJsrflG8Pg9LWabuL2ioT+Rn2guz8JUcdSrNGoUE+DzAL2//YBpKMOdaU4hbqWNdH4JVLgup+1I37jT1PhfUzOxNEJuQHVU5NHkKuIyDUMGeSY5hg+3xhcsrYnakMq1QRXM2f69EKKl0BcIRy4D8sVebmqX0fb6f1R6OUsxA4IeL0ttUIJWpZtawV/rzRVxU8dqDRdbwKib/mcBMitjCwpEJ2dB5w==
Received: from PH8PR09MB9294.namprd09.prod.outlook.com (2603:10b6:510:18b::16) by MW4PR09MB10107.namprd09.prod.outlook.com (2603:10b6:303:1e7::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6699.24; Mon, 21 Aug 2023 21:25:09 +0000
Received: from PH8PR09MB9294.namprd09.prod.outlook.com ([fe80::e2c8:b634:ca95:7842]) by PH8PR09MB9294.namprd09.prod.outlook.com ([fe80::e2c8:b634:ca95:7842%6]) with mapi id 15.20.6699.022; Mon, 21 Aug 2023 21:25:09 +0000
From: Rebecca Guthrie <rmguthr@uwe.nsa.gov>
To: Valery Smyslov <svan@elvis.ru>, IPsecME WG <ipsec@ietf.org>
CC: "ipsec-chairs@ietf.org" <ipsec-chairs@ietf.org>
Thread-Topic: [IPsec] New Version Notification for draft-smyslov-ipsecme-ikev2-qr-alt-07.txt
Thread-Index: AQIePgQVeIW8tdg3uXSDhsDqpuiCAa6g0+ZQgMuYLVA=
Date: Mon, 21 Aug 2023 21:25:08 +0000
Message-ID: <PH8PR09MB92945FAFF119DE5ABFE3601BFC1EA@PH8PR09MB9294.namprd09.prod.outlook.com>
References: <168145751264.47555.6193678852468782615@ietfa.amsl.com> <047601d96ea8$b40f8f60$1c2eae20$@elvis.ru>
In-Reply-To: <047601d96ea8$b40f8f60$1c2eae20$@elvis.ru>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=uwe.nsa.gov;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH8PR09MB9294:EE_|MW4PR09MB10107:EE_
x-ms-office365-filtering-correlation-id: 4721e216-a77d-49f0-8c67-08dba28d1893
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: O7kEo1a5g/mGFu9Pv05+Z5aSZ1gsQZfeiHw4bPlEHI8J3LXUw3qW+qv2tbRWxMGUKhECFJdmTnWtSy+xJhvLl1PG9Gy50A33taRTbwKh/Cpkz1V95jTVARmdT5Kb9W5giGNmYqnhR9Gm7WhUERmhTKX9lAZMj5vFMBlOzWy9/cQYKfbbftW090RCUlrrrdnIH1CNZIkukD1NVKLGzYhdChgalcNPG53sW/zlGNjiKKoErw5Kpd+S280QmVAc2qgmnhObkaFt3dm2z6bX5WgdoQqaIOu0RTPqzIjXWqkBVAlHrCLHumk9Q0ByiGovJ+/t3vYyGQPl7kCiBdyFQoU0YFIKVByCsfgOq634jaXlQIbCZnjrFx69asoXR+g6aIXdmdD9uy8TJCsqojYPWW+nEtcIsmWcbvoES63RAaUcJDx5Uo1D7yUm3+af/VSr0ig7AW0S1ObgnixJ1j099ftbIwqKkx9Q47DBZXXQSC2EVF7sQNGi1PKCn2KbUuh4yEF0oRTlnEXhBBInFKY8J21BtatZZSBlUqgcrwknYaHTu5OPV/iLOGncHPghjhSBAHkp0rG6iqfKRVI+qBFAqSN86ARhqBZ+y3Yj8l4zaGOSmkw=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH8PR09MB9294.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(39830400003)(366004)(136003)(396003)(451199024)(1800799009)(186009)(66574015)(2906002)(53546011)(38100700002)(38070700005)(6506007)(15650500001)(83380400001)(5660300002)(52536014)(33656002)(26005)(7696005)(86362001)(8676002)(8936002)(4326008)(9686003)(66946007)(64756008)(66446008)(76116006)(66556008)(66476007)(110136005)(66899024)(82960400001)(508600001)(966005)(122000001)(41320700001)(55016003)(71200400001)(41300700001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: MQmZSj9dzG8583XXOoHRlS2S7hWEmcM5C8EVoYTr7RCpCeRQLzSGbahB15b+KaKh0d7z7hhICcTbFWjWAmyzn9K4GLR2xAFyEfwHVdZCnrs9RHcNXBZ/+rm0MwexHICbf9vfIx3pNxy9cX09HYdBaHRdHRICZG75n2k9i3fJzmigJHo/inNNSGQEfoL1eg4gz14rtFwhE4GEnCkNTEs4sXqbLkjJHVAUERAFsKGI8pOOn2yzczCxzm/rIlb86Yl/ryRKLZ+wAO0Hr3T5e0MA8P8CIJThjmh9YPY/pKq5zE+nyd8hLIE8gqheSgNcygQD3poNZBRhvyCDbaNVXQBnGfARauJQSLGsvcoFaIVnIU642gk53P6iykFm4sd0wMApOSnJIYSI8exlub1J0YBYJq7nralm1VREDwT4FMfwLFkVjLQTEfiH8g9o58OvWLnoWD9AsI8UprRZuqCSgKTv3385VgHmWOmWqEoyxx/uKznM7XSN1+oB9qFT+T1NOJs5sVqQAYbJab5lIR1reNPgFe+9a2dVW2iGNVqw39M14YpxQOj4MaBnWM7jOQ9yELjCItzStrBnK93mo+7tyGgzEeAJHihbXDwQypRMy1PfN/HH4JTXFvbKcmbLoC2gcEC57MzFkaDBiE95HTKLIT2yZkxaTvJBUpK1aM9iPoSmKGFbOaqxL0wzNpqYpu8hzUjEid+aE4udU9ucqRDIrHMe4QpkYZwWVqyithi7nG45ECPJbli8BHr6p2dEEl93lWqGAlDeJQ2lZ12PW4fmHQAx/Yk3KpJ4t9wAoqZpd6Qsske+1cwtBbzSgDHqVakN37mc8WNJ/5HFAXhkGywIGCgAXrodxBz/SMxOeCTcLgvlNTobDKjipNJC1yvTluTD78PMTXgkkvlisCBYAdGtnSjvrCBAgqSIXCwxQZJt4vLyvNAYD3hCO6Dl5plyQPucJYfBtDxQ4s8FEAFX0Zg/Vipm8OkQL2eNykSuBCsTLX3M3zk5fvUfR34WwQo3azBvWLbX68wnqk2ceD5KV9rtlFuV60gr/Fy0ZQvQ4XduYGAPUtp9S4uyOE8RPQ5f4C4PbdeRkzNWc9DqCD2JCtncCF4Pi+qYItmEx7VuEHMWuiWI9BlO1/YulwGJA1RCXfmP3Y/l1/OtItyerC5ek3jiiI8PsZZAPdcjAnnZAuWTvtYC/JP+XWv/PlpcRWNPZ02kyH4CrepnmyT9dtBjtQUfShZU8/3VbqeWbegulLxZXOAVGWyDm+VHlKayyzJVmRMtVUWSkuHV2R+V/2mMWdvYV8DEr3LphVX6Q6DbBcnCRUV0VkZ41tdf+jcgWO3YBwZdmqMLzTY+hXPNZr87uuf5wqFtvv+HQSI/bO/P1xbJKDEk+rJVUkItZTPpvKBiqG4uVtKtwTf4cibVudqdXLV+11839NDR2bX+IP63RjpYMVtKxln9Hlrm2pqhZGHfRkTbxnkAW9MqY2oLUGUMVhj5VhBad8YOyHVvvLfvPp4g6EotZiJYzoC3E3r6G2FBql3Amifr9081GxnyNyIm3Muc69fGIcXksDHBXPH2hLu29LyLWmWJLeUkp/a9MP7/nmMB9CX0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: uwe.nsa.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH8PR09MB9294.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4721e216-a77d-49f0-8c67-08dba28d1893
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Aug 2023 21:25:08.9014 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d61e9a6f-fc16-4f84-8a3e-6eeff33e136b
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR09MB10107
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/zsXy_s5V2z7M5RqwfCYubKPQm9s>
Subject: Re: [IPsec] New Version Notification for draft-smyslov-ipsecme-ikev2-qr-alt-07.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Aug 2023 21:25:20 -0000
Greetings,
I wrote to the mail list before IETF 117 that I support adoption of draft-smyslov-ipsecme-ikev2-qr-alt, and I have comments I would like to make. The draft did not get discussed at 117, so I'll share my comments here.
Comment: I suggest that the draft define a new Notify Payload, USE_EARLY_PPK, that uniquely specifies support for this draft, rather than relying on USE_PPK and INTERMEDIATE_EXCHANGE_SUPPORTED.
Explanation: There was agreement at the 116 meeting that the extension specified in this draft should not be used in conjunction with RFC 8784. The draft does allow for a fall-back to the PSK mechanism specified in RFC 8784 if the mechanism specified in this draft is not supported by the responder- this necessitates USE_PPK to be used ambiguously, such that its inclusion by the initiator in IKE_SA_INIT can represent the initiator's intent to do either (this draft's PSK mechanism or RFC 8784).
However, since it is still possible that RFC 8784 and RFC 9242 are used together, the inclusion of both USE_PPK and INTERMEDIATE_EXCHANGE_SUPPORTED does not uniquely specify this draft; rather, it could mean that an IKE peer supports RFC 8784, plans to use IKE_INTERMEDIATE for another purpose, and does not support this draft.
There may be a time where certain IKEv2 instances require the use of this draft such that the peer will abort the creation of the IKE SA if the extension specified in this draft cannot be supported. The peer may require the use of this draft either after transitioning away from RFC 8784, or having never supported RFC 8784 at all. In either case, the initiator and responder must be able to negotiate the use of this extension in IKE_SA_INIT. As the draft is currently written, depending on assumptions made by initiator and responder and depending on what is supported, they are able to get all the way to the end of IKE_INTERMEDIATE before realizing requirements cannot be met.
In the case where the Initiator requires draft-smslov-ipsecme-ikev2-qr-alt and RFC 9370, and the Responder supports RFC 8784 and RFC 9370, both will include USE_PPK and INTERMEDIATE_EXCHANGE_SUPPORTED in their respective IKE_SA_INIT messages, but the Initiator will not discover that it must abandon the SA until it has computed all of the intermediate key exchanges only to receive no response to its PPK_IDENTITY_KEY notification(s).
On the other hand, if the Responder requires the use of this draft and the Initiator instead supports RFC 8784, it is unclear what the responder should do when it does not receive a PPK negotiation message from the Initiator in the last IKE_INTERMEDIATE exchange. It is possible that the Responder may be expecting another IKE_INTERMEDIATE message containing PPK negotiation information, but if the Initiator does not support this extension, then it would instead begin the IKE_AUTH exchange.
Defining a new Notify Payload, USE_EARLY_PPK, that uniquely specifies support for this draft would remove the described ambiguity. In order to indicate support for the fall-back to RFC 8784 capability, the Initiator would send both USE_PPK and USE_EARLY_PPK Notify Payloads. It should be the case that when these are sent together, the preference for USE_EARLY_PPK is implicit. If the responder also supports USE_EARLY_PPK, it will ignore USE_PPK. If the responder does not support or does not recognize USE_EARLY_PPK, it may still support USE_PPK, and can proceed with the PSK mechanism described in RFC 8784.
Comment: During IKE_INTERMEDIATE, use N(PPK_IDENTITY) in initiator message and N(PPK_IDENTITY_KEY) in responder message, only for the single PPK the responder has selected.
Explanation: Currently, in the last IKE_INTERMEDIATE, the initiator sends SK { ... N(PPK_IDENTITY_KEY, PPK_ID_1) [ , ... , N(PPK_IDENTITY_KEY, PPK_ID_n ) ] } where PPK_IDENTITY_KEY is sent for each PPK_ID the initiator is offering. The responder then sends SK { N(PPK_IDENTITY) } for the PPK it selects, using the N(PPK_IDENTITY) Notify Payload specified in RFC 8784.
It's my understanding that the initiator and responder expect the PPKs to match for any given PPK_ID (i.e. that there is a very high likelihood that they match). If this assumption is incorrect, please correct me, but if this is the case, in order to perform fewer computations and shrink the size of the initiator message, it may make sense to use N(PPK_IDENTITY) [RFC8784] in the initiator message, and the new N(PPK_IDENTITY_KEY) in the responder message, only for the single PPK the responder has selected. Then, before the initiator sends IKE_AUTH, it can use the confirmation value sent by the responder in N(PPK_IDENTITY_KEY) to check that the PPK values the initiator and responder are using match. (If they do not match, the initiator could send another IKE_INTERMEDIATE containing N(PPK_IDENTITY_KEY)s for each PPK it supports, as currently specified.) Depending on how many PPKs the initiator offers, this may not considerably shrink the message size.
Comment: Update Security Considerations section.
Explanation: The Security Considerations section currently cites RFC 8784. I'd suggest that RFC 9242's security considerations be referenced as well, and I'd suggest repeating some of the security considerations from RFC 9370 that are relevant here- in particular, the second paragraph of RFC 9370 discusses how to ensure quantum resistance in Transform Types 2 and 3- this is worth repeating here, especially in the case that this draft is used independently (without RFC 9370) to provide QR.
In RFC 8784 and RFC 9370, there is discussion of the security of each extension with regard to an active attacker- it may be useful in this draft to extend this discussion here in order to cover 1. the addition of IKE_INTERMEDIATE, 2. the fact that QR is achieved prior to IKE_AUTH (either if this draft is used on its own or in conjunction with RFC 9370), and 3. the fact that authentication is QR (compared to RFC 9370 alone).
- Rebecca
Rebecca Guthrie
she/her
Center for Cybersecurity Standards (CCSS)
Cybersecurity Collaboration Center (CCC)
National Security Agency (NSA)
-----Original Message-----
From: IPsec <ipsec-bounces@ietf.org> On Behalf Of Valery Smyslov
Sent: Friday, April 14, 2023 4:11 AM
To: IPsecME WG <ipsec@ietf.org>
Cc: ipsec-chairs@ietf.org
Subject: Re: [IPsec] New Version Notification for draft-smyslov-ipsecme-ikev2-qr-alt-07.txt
Hi,
a new version of the draft has been published.
It addresses issue with mismatched PPKs and also adds some clarifications on interaction with RFC 8784.
As it was discussed at the IETF116 IPSECME meeting, once the new version is published, a call for adoption would be issued.
Chairs, can you please issue an adoption call?
Regards,
Valery.
> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: Friday, April 14, 2023 10:32 AM
> To: Valery Smyslov
> Subject: New Version Notification for
> draft-smyslov-ipsecme-ikev2-qr-alt-07.txt
>
>
> A new version of I-D, draft-smyslov-ipsecme-ikev2-qr-alt-07.txt
> has been successfully submitted by Valery Smyslov and posted to the
> IETF repository.
>
> Name: draft-smyslov-ipsecme-ikev2-qr-alt
> Revision: 07
> Title: Alternative Approach for Mixing Preshared Keys in IKEv2 for Post-quantum Security
> Document date: 2023-04-14
> Group: Individual Submission
> Pages: 9
> URL: https://www.ietf.org/archive/id/draft-smyslov-ipsecme-ikev2-qr-alt-07.txt
> Status: https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-ikev2-qr-alt/
> Htmlized: https://datatracker.ietf.org/doc/html/draft-smyslov-ipsecme-ikev2-qr-alt
> Diff: https://author-tools.ietf.org/iddiff?url2=draft-smyslov-ipsecme-ikev2-qr-alt-07
>
> Abstract:
> An IKEv2 extension defined in [RFC8784] allows IPsec traffic to be
> protected against someone storing VPN communications today and
> decrypting it later, when (and if) cryptographically relevant quantum
> computers are available. However, this protection doesn't cover an
> initial IKEv2 SA, which might be unacceptable in some scenarios.
> This specification defines an alternative way get protection against
> quantum computers, but unlike the [RFC8784] solution it covers the
> initial IKEv2 SA too.
>
>
>
>
> The IETF Secretariat
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
- Re: [IPsec] New Version Notification for draft-sm… Valery Smyslov
- Re: [IPsec] New Version Notification for draft-sm… Rebecca Guthrie
- Re: [IPsec] New Version Notification for draft-sm… Vukašin Karadžić
- Re: [IPsec] New Version Notification for draft-sm… Paul Wouters
- Re: [IPsec] New Version Notification for draft-sm… Valery Smyslov