IETF Logo Mail Archive

Re: [karp] I-D Action: draft-ietf-karp-crypto-key-table-04.txt

Russ Housley <housley@vigilsec.com> Sat, 27 October 2012 03:52 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: karp@ietfa.amsl.com
Delivered-To: karp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01FA921F86A9 for <karp@ietfa.amsl.com>; Fri, 26 Oct 2012 20:52:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.549
X-Spam-Level:
X-Spam-Status: No, score=-102.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bcdoA4ssfMtI for <karp@ietfa.amsl.com>; Fri, 26 Oct 2012 20:52:43 -0700 (PDT)
Received: from odin.smetech.net (mail.smetech.net [208.254.26.82]) by ietfa.amsl.com (Postfix) with ESMTP id 5F2F821F8698 for <karp@ietf.org>; Fri, 26 Oct 2012 20:52:43 -0700 (PDT)
Received: from localhost (unknown [208.254.26.81]) by odin.smetech.net (Postfix) with ESMTP id 89A9D9A4005; Fri, 26 Oct 2012 23:52:52 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([208.254.26.82]) by localhost (ronin.smetech.net [208.254.26.81]) (amavisd-new, port 10024) with ESMTP id AFuTsMQGJcMf; Fri, 26 Oct 2012 23:52:41 -0400 (EDT)
Received: from [192.168.2.100] (pool-96-255-37-162.washdc.fios.verizon.net [96.255.37.162]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 849319A4001; Fri, 26 Oct 2012 23:52:51 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1085)
Content-Type: text/plain; charset="us-ascii"
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <5089D7F0.4030806@joelhalpern.com>
Date: Fri, 26 Oct 2012 23:52:40 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <5EA64BEF-6900-4555-8C79-C26DA0DF342C@vigilsec.com>
References: <20121022225043.25241.45532.idtracker@ietfa.amsl.com> <1B502206DFA0C544B7A6046915200863011C81@EUSAAMB105.ericsson.se> <4C84D429-416F-4A63-9C83-DA16EF243026@vigilsec.com> <1B502206DFA0C544B7A6046915200863011CD1@EUSAAMB105.ericsson.se> <0A63E924-E20D-4C94-89C2-508724EC975A@vigilsec.com> <380B8A70-0910-43B6-980A-8CCAD8731DDC@cisco.com> <5089D7F0.4030806@joelhalpern.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
X-Mailer: Apple Mail (2.1085)
Cc: "karp@ietf.org" <karp@ietf.org>
Subject: Re: [karp] I-D Action: draft-ietf-karp-crypto-key-table-04.txt
X-BeenThere: karp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion list for key management for routing and transport protocols <karp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/karp>, <mailto:karp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/karp>
List-Post: <mailto:karp@ietf.org>
List-Help: <mailto:karp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/karp>, <mailto:karp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Oct 2012 03:52:44 -0000

Can we handle this as a WG Last Call comment?


On Oct 25, 2012, at 8:23 PM, Joel M. Halpern wrote:

> Should we be clearer somewhere that inapplicable fields may be omitted? (it is a conceptual table, I think we can allow conceptually optional elements.)
> Yours,
> Joel
> 
> On 10/25/2012 7:24 PM, Brian Weis wrote:
>> Hi Russ,
>> 
>> On Oct 23, 2012, at 3:32 PM, Russ Housley wrote:
>> 
>>> Uma:
>>> 
>>>>>>>>> I have worked through the use of pairwise keys (used in just one direction or both directions)
>>>>>>>>> as well as multicast keys.  The current table supports all of these cases. I do not understand
>>>>>>>>> why you want two separate tables.  Clearly, you are thinking about this differently than I am.
>>>>>>>>> Can you explain how two tables will make implementation easier?
>>>> 
>>>> [Uma]:  Let's focus on only from the key life time perspective. Some IGPs do require life times in the
>>>>       specified format to make key transition easier.  But, I don't see how to fit these 4 parameters
>>>>       for pair wise keys. For e.g. for TCP based pair-wise keys, when new master key is negotiated by
>>>>       KMP, TCP-AO makes coordinated key transition with the peer. Not at all based on the key table
>>>>       time entries specified. In that sense the entries defined today useful and enable protocols
>>>>       e.g., group-key RPs, who don't have a defined way of key transition and more over do security
>>>>       by themselves (make sense there).
>>>> 
>>>>       Now, I stepped back to think on how to use for pair-wise protocols and not able to connect the
>>>>       dots here. Do you see these are operator inputs or KMP negotiated and how one would use these entries?
>>> 
>>> You will note that earlier drafts only had notBefore and notAfter.  The additional one were added because some IGPs need them.
>>> 
>>> I see no way to move forward and address both comments.
>> 
>> The draft appears to be silent as to whether fields in the key table are required, but my belief is that not all fields are required to be used for all keys. As such, if a KMP for TCP-AO adds a row to the key table, and some fields in that row are not required, then it simply does not need to specify their use. Is that not correct?
>> 
>> Thanks,
>> Brian
>> 
>>> Russ
>>> _______________________________________________
>>> karp mailing list
>>> karp@ietf.org
>>> https://www.ietf.org/mailman/listinfo/karp
>> 
>>

v2.23.0 | Report a Bug | By Email