Re: [Lwip] [IPsec] draft-ietf-lwig-minimal-esp shepherd writeup

Paul Wouters <paul@nohats.ca> Mon, 22 March 2021 14:03 UTC

Date: Mon, 22 Mar 2021 10:03:25 -0400
From: Paul Wouters <paul@nohats.ca>
To: Mohit Sethi M <mohit.m.sethi=40ericsson.com@dmarc.ietf.org>
cc: Daniel Migault <mglt.ietf@gmail.com>, "ipsec@ietf.org" <ipsec@ietf.org>, "lwip@ietf.org" <lwip@ietf.org>, "ipsecme-chairs@ietf.org" <ipsecme-chairs@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>, Erik Kline <ek.ietf@gmail.com>
In-Reply-To: <1fc47361-bb69-27a8-ce1d-5f5a27bfe309@ericsson.com>
Message-ID: <ecfcd2ab-237-64f-1fc0-147c8e3c22e0@nohats.ca>
References: <67654664-717b-1017-707b-0b4dfde52d24@ericsson.com> <CADZyTkkgCiy9hf7DE42oGd-5Mw3pjVB3_Y89U8KovxNctQBWZw@mail.gmail.com> <cea14f52-52bb-6f3f-1266-a457978dd43@nohats.ca> <1fc47361-bb69-27a8-ce1d-5f5a27bfe309@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/JMPTGmLJ2iI1fkxVY2U6GDKFIww>

On Mon, 22 Mar 2021, Mohit Sethi M wrote:

> Adding Ben (IPsecME AD) and Erik (LWIG AD) to the CC list for an early heads up.
> 
> Thanks for reviewing the document. I'll let the authors provide answers to your review.
> 
> On the procedural side of things: this document is within the LWIG charter (https://datatracker.ietf.org/wg/lwig/charter/) and follows the path taken by Minimal IKEv2 which was also completed in LWIG as RFC
> 7815 (https://datatracker.ietf.org/doc/rfc7815/).
> 
> During the call for adoption, there was a general consensus to proceed in LWIG while keeping close contacts with IPsecME (as well as an agreement to issue a joint last call). Tero
> (https://mailarchive.ietf.org/arch/msg/lwip/Shf2oUKvtIsb0uzY2zRwuBurm58/), Valery (https://mailarchive.ietf.org/arch/msg/lwip/p1i4hZBjn7PD3ksS9kh8C0ouUOU/) and Scott
> (https://mailarchive.ietf.org/arch/msg/lwip/dF3eZXG8GTV-o7aH4BnFk2zlR6c/) for example provided reviews of the draft.

Thanks for the write up here.

> I think your comments during the adoption (https://mailarchive.ietf.org/arch/msg/lwip/xDcICiuALZ2ExF3qwRCnhCQC3A0/) did not argue moving this draft to IPsecME (unless I missed something):
> 
> If the document is defining a minimum/battery optimized ESP
> configuration, I have no problems with it and I will review further
> text and welcome adoption. If it makes changes to the ESP protocol,
> then I think there should be more discussion before adoption.
> 
> Paul

I said that, but I think I am seeing changes to the ESP algorithm that
basically constitute a change to the ESP protocol. Furthermore, a bunch
of advice negating the advice in RFC 8223. And I still haven't heard
a justification of some issues I raised either. Such as doing a
full IKE exchange yet not being able to generate 4 bytes of random?

> That being said, I am not fundamentally opposed to moving this document to IPsecME. However, it is important to consider that the document has already had a relatively long lifecycle in LWIG.

After you referenced the feedback I had given, I went back and read that
message. I totally forgot I did that two years ago. But all the issues
I raised back then are still there, unresolved.

Paul