Re: [Lwip] [IPsec] Paul Wouters' Discuss on draft-ietf-lwig-minimal-esp-08: (with DISCUSS and COMMENT)

Paul Wouters <paul.wouters@aiven.io> Mon, 18 July 2022 19:31 UTC

Date: Mon, 18 Jul 2022 15:31:08 -0400
From: Paul Wouters <paul.wouters@aiven.io>
To: Daniel Migault <mglt.ietf@gmail.com>
cc: Paul Wouters <paul.wouters@aiven.io>, The IESG <iesg@ietf.org>, lwip@ietf.org, Mohit Sethi <mohit.m.sethi@ericsson.com>, draft-ietf-lwig-minimal-esp@ietf.org, lwig-chairs@ietf.org, IPsecME WG <ipsec@ietf.org>
In-Reply-To: <CADZyTkkw1h9F9pDrAYgQDOQ-BCwiezocMba4H3WUh9qvavmRYA@mail.gmail.com>
Message-ID: <c07734f1-e33c-5aa6-92fd-24938298f3ba@nohats.ca>
References: <164919648646.8778.6947253487684946962@ietfa.amsl.com> <CADZyTkkdXs8tJu_J5M_Yb-VC2SbSECLen_igUrGVGtrNFng6QA@mail.gmail.com> <CAGL5yWb5oaridQzFdxoWQdieNxDb=pOB_5sMCBM+HdgCsn_NeA@mail.gmail.com> <CADZyTkk616G+U5323wBXhR35K=FojD2+V_L5UEv-=6Xzz-A4Tw@mail.gmail.com> <CADZyTkkw1h9F9pDrAYgQDOQ-BCwiezocMba4H3WUh9qvavmRYA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/IReYpolWgV40nNpQSG4rb5N3BE4>

On Mon, 18 Jul 2022, Daniel Migault wrote:

> My reading of the datatracker is that the document has been in IESG Evaluation::AD Followup for 117 days. I do not see any follow-up with the following email from
> May 25 with the latest changes and believe all concerns have been addressed. I am wondering what prevents the document from being sent to the RFC queue
> and if there is anything expected from my side.

See my last email to you:

 	Date: Tue, 24 May 2022 11:27:28
 	From: Paul Wouters <paul@nohats.ca>
 	To: Daniel Migault <mglt.ietf@gmail.com>
 	Subject: draft-ietf-lwig-minimal-esp


 	Hi Daniel,

 	Just a reminder that draft-ietf-lwig-minimal-esp is waiting on actions
 	on your end to resolve the DISCUSS items. While discussing in github is
 	useful, in the end the changes do need to go into a new draft version
 	for the DISCUSS holders to evaluate them.

 	I think the biggest unresolved issue is the SPI one with using just a
 	few bytes and the "indexing" that I still do not understand.

 	Paul


The limited SPI numbers and rekeying are still not clear to me.
We exchanged a few emails but that did not result in me understanding
this.

The sequence number discussion mentions the issue of packets falling
out of the receive window. We talked about an IKE option/notify to
signal this and during that discussion it also came to light that this
protocol is going to be used without IKEv2. This leaves an
interoperability issue unaddressed.

And since this protocol is also meant to run without IKEv2, there is
an issue with only recommending AEAD algorithms that rely on IKEv2 for
their security properties.

Section 6 talks about Dummy packets, but the labeling of the header
is a bit misleading, as it suggests the Next Header behaviour is
modified. I had suggested that the section be renamed.

> Please find my response to your comments. The current version of the file integrates the language changes as well as changes to address the concerns
> of this thread:
> 
> https://github.com/mglt/draft-mglt-lwig-minimal-esp/commit/d7710c19802bdce4c978d71ad303b739e1406f1e

We ended up discussing this in email, but that did not end in my
understanding. Also, the above commit did not actually make it
into the draft yet. It is very hard as AD to keep track of changes
that are not in the actual datatracker.

Paul
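As an added illustration (not part of this thread or of the draft) of the receive-window issue raised above: a receiver implementing the RFC 4303 anti-replay window silently drops packets whose sequence numbers fall below the window, which is what a minimal ESP sender experiences if it restarts its counter on the same SPI without a rekey or an IKE notify. The window size, the 32-bit non-ESN sequence numbers and the traffic scenario are constructed assumptions.

```python
# Added example, not code from the thread or the draft: an RFC 4303 style
# sliding anti-replay window (Appendix A), used to show how packets that fall
# outside the receiver's window are dropped.
# Assumptions: 32-bit sequence numbers without ESN, window size 64, one SPI.

class AntiReplayWindow:
    """Bitmap window: bit i set means sequence number (top - i) was seen."""

    def __init__(self, size: int = 64) -> None:
        self.size = size
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0       # seen-bits relative to top

    def check(self, seq: int) -> bool:
        """True if seq is new and inside the window (pre-integrity check)."""
        if seq == 0:
            return False                      # RFC 4303: seq 0 is never valid
        if seq > self.top:
            return True                       # ahead of the window: new
        if self.top - seq >= self.size:
            return False                      # fell off the left edge: drop
        return not (self.bitmap >> (self.top - seq)) & 1

    def update(self, seq: int) -> None:
        """Record seq; only called after ICV verification succeeded."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def accept(self, seq: int) -> bool:
        ok = self.check(seq)
        if ok:
            self.update(seq)
        return ok


def simulate(seqs):
    """Feed constructed ESP sequence numbers; return one accept flag per packet."""
    w = AntiReplayWindow()
    return [w.accept(s) for s in seqs]


# Constructed scenario: the sender transmits 1..100, then restarts its counter
# at 1 on the same SPI without rekeying. Every restarted packet is dropped.
RESTART_SCENARIO = list(range(1, 101)) + [1, 2, 3]
```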