Re: [karp] Comment on draft-mahesh-karp-rkmp

Mahesh Jethanandani <> Fri, 06 December 2013 06:04 UTC

From: Mahesh Jethanandani <>
Date: Thu, 5 Dec 2013 22:04:14 -0800
To: William Atwood <>
Cc: KARP Working Group <>


You are correct in assuming that the document is defining new extensions to IKEv2 and new semantics for child SAs.

Will rephrase the rest of the document to reflect that.

On Nov 26, 2013, at 12:01 PM, William Atwood wrote:

> I have been reading draft-mahesh-karp-rkmp, and I am puzzled by several
> issues.  I discuss the first issue below.  Once I understand what is
> intended by the authors, I expect to raise the other issues.  (The way
> in which I will phrase these issues may depend on the answer to the
> first issue.)
> 
> From the name of the draft, I had always assumed that the document was
> talking about a "new" Key Management Protocol, called RKMP.  However,
> the key phrase in the first paragraph is "defines a mechanism to secure
> such pairwise Routing Protocol (RP) associations using IKEv2 [RFC5996]".
> After the introduction, the document discusses how the exchanges build
> on the messages and exchange formats of IKEv2: where the semantics are
> the same, and where the semantics differ.  To my mind, given the
> different semantics, the "new" protocol is _not_ IKEv2.  However, the
> following text continues to speak of "invoking IKEv2", which would seem
> to me to imply "invoking unmodified IKEv2".  However, unmodified IKEv2
> has the wrong semantics for what happens to a child SA when the parent
> IKEv2 SA is destroyed.
> 
> I suspect that what is really happening here is that
> draft-mahesh-karp-rkmp is defining _extensions_ to IKEv2, and new
> semantics for child SAs when those extensions are used.  The material in
> Section 6 seems to support this view.
> 
> If this is so, then I suggest that Section 1 needs to be lightly
> re-written to make it clear that the document is proposing extensions to
> IKEv2, and that references to "IKEv2" in the subsequent text are
> references to the extended IKEv2.
> 
> Comments from the authors (and anyone else) will be appreciated.  I need
> to understand what is actually intended here before I can comment
> properly on the rest of the document.
>  Bill
> -- 
> Dr. J.W. Atwood, Eng.             tel:   +1 (514) 848-2424 x3046
> Distinguished Professor Emeritus  fax:   +1 (514) 848-2830
> Department of Computer Science
>   and Software Engineering
> Concordia University EV 3.185
> 1455 de Maisonneuve Blvd. West
> Montreal, Quebec Canada H3G 1M8

Mahesh Jethanandani
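The semantic difference the thread turns on is what happens to Child SAs when the IKE SA that negotiated them is deleted. Under unmodified IKEv2 (RFC 5996, Section 1.4.1), deleting an IKE SA implicitly closes every Child SA negotiated under it; the routing-protocol keys RKMP installs are meant to outlive the IKE SA instead. The following Python model is an added illustration of that difference, not code from draft-mahesh-karp-rkmp or from any IKEv2 implementation. The "rkmp" policy encodes the behaviour described in the thread (children persist after the parent is gone and expire on their own lifetime) and is an assumption drawn from the discussion rather than a citation of the draft's text; all SPIs, keys and lifetimes are constructed sample values.

```python
"""Model of Child SA lifetime under two deletion policies.

Added illustration only; not from draft-mahesh-karp-rkmp or any IKEv2 stack.

  "ikev2": RFC 5996 behaviour.  Deleting an IKE SA implicitly closes every
           Child SA negotiated under it (RFC 5996, Section 1.4.1).
  "rkmp":  behaviour attributed to the RKMP extensions in the thread: the
           routing-protocol Child SAs stay installed after the IKE SA is
           deleted and are removed only when their own lifetime elapses.
           This is an assumption drawn from the discussion.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class ChildSa:
    spi: int
    protocol: str       # routing protocol the key protects, e.g. "OSPF"
    key: bytes          # constructed sample key material
    expires_at: int     # seconds on the model's own clock


@dataclass
class IkeSa:
    spi_i: int
    children: List[ChildSa] = field(default_factory=list)


@dataclass
class Sadb:
    """A minimal SA database keyed by SPI (constructed model, not a kernel SADB)."""
    ike_sas: Dict[int, IkeSa] = field(default_factory=dict)
    child_sas: Dict[int, ChildSa] = field(default_factory=dict)

    def create_ike_sa(self, spi_i: int) -> IkeSa:
        sa = IkeSa(spi_i)
        self.ike_sas[spi_i] = sa
        return sa

    def create_child_sa(self, parent_spi: int, spi: int, protocol: str,
                        key: bytes, expires_at: int) -> ChildSa:
        child = ChildSa(spi, protocol, key, expires_at)
        self.ike_sas[parent_spi].children.append(child)
        self.child_sas[spi] = child
        return child

    def delete_ike_sa(self, spi_i: int, policy: str) -> IkeSa:
        """Remove an IKE SA; the fate of its children depends on the policy."""
        parent = self.ike_sas.pop(spi_i)
        if policy == "ikev2":
            # RFC 5996 semantics: children go with the parent.
            for child in parent.children:
                self.child_sas.pop(child.spi, None)
        elif policy == "rkmp":
            # Assumed RKMP semantics: children stay; they are simply no
            # longer associated with any IKE SA.
            pass
        else:
            raise ValueError("unknown policy: %s" % policy)
        return parent

    def expire(self, now: int) -> None:
        """Drop Child SAs whose own lifetime has elapsed (both policies)."""
        for spi in [s for s, c in self.child_sas.items() if c.expires_at <= now]:
            del self.child_sas[spi]

    def key_for(self, protocol: str) -> Optional[bytes]:
        """Key a routing protocol would use to authenticate its packets, if any."""
        for child in self.child_sas.values():
            if child.protocol == protocol:
                return child.key
        return None


def run_scenario(policy: str):
    """Install two routing keys, tear down the IKE SA, then let time pass.

    Returns (child SPIs right after the IKE SA delete,
             child SPIs after the BGP key's lifetime elapses,
             key OSPF can still use at that point or None).
    """
    sadb = Sadb()
    sadb.create_ike_sa(0x1111)
    sadb.create_child_sa(0x1111, 0xA1, "OSPF", b"k-ospf", expires_at=3600)
    sadb.create_child_sa(0x1111, 0xA2, "BGP", b"k-bgp", expires_at=600)
    sadb.delete_ike_sa(0x1111, policy)
    after_delete = sorted(sadb.child_sas)
    sadb.expire(now=900)        # BGP key has expired on its own, OSPF key has not
    after_expiry = sorted(sadb.child_sas)
    return after_delete, after_expiry, sadb.key_for("OSPF")


if __name__ == "__main__":
    for pol in ("ikev2", "rkmp"):
        print(pol, run_scenario(pol))
```

Under the "ikev2" policy the routing protocols lose their keys the moment the IKE SA is torn down, which is exactly why a routing-key management protocol built on IKEv2 needs the altered Child SA semantics the thread describes rather than a plain invocation of RFC 5996. Under the "rkmp" policy the keys remain usable and are retired only by their own lifetimes, so a rekey or explicit delete of the Child SA, not the IKE SA, is what governs key retirement.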