Re: [secdir] Secdir last call review of draft-ietf-ipsecme-qr-ikev2-09

"Valery Smyslov" <valery@smyslov.net> Wed, 25 December 2019 17:29 UTC

From: Valery Smyslov <valery@smyslov.net>
To: 'Watson Ladd' <watsonbladd@gmail.com>, 'Uri Blumenthal' <uri@mit.edu>
Cc: ipsec@ietf.org, last-call@ietf.org, 'secdir' <secdir@ietf.org>, draft-ietf-ipsecme-qr-ikev2.all@ietf.org, 'Valery Smyslov' <svan@elvis.ru>
References: <02c101d5baef$de2cdd90$9a8698b0$@elvis.ru> <70FA58C0-97E1-4F76-B88B-A28101A46069@mit.edu> <CACsn0c=ijpHWR2kBiSAraniuB3vKdEaixahXkiU0Mh6xvUMSQg@mail.gmail.com>
In-Reply-To: <CACsn0c=ijpHWR2kBiSAraniuB3vKdEaixahXkiU0Mh6xvUMSQg@mail.gmail.com>
Date: Wed, 25 Dec 2019 20:29:04 +0300
Message-ID: <003901d5bb48$cfc21460$6f463d20$@smyslov.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/0duuy2MJ2RBz01WAG5ibF038cJs>

On Wed, Dec 25, 2019 at 3:57 AM Uri Blumenthal <uri@mit.edu> wrote:

NIST standards are mandatory for a subset of US citizens. But enough businesses outside the US pay attention to what NIST says to make adding the reference relevant and useful.

It's not about standards, it's about the competition and the relevant security level definitions. Not that I feel strongly about it, just a suggestion.

          Then I'm a bit confused. What competition do you mean?

          Regards,
          Valery.


On Dec 25, 2019, at 01:52, Valery Smyslov <svan@elvis.ru> wrote:

Hi Watson,

thank you for spending your time on this review on Christmas Eve.

The capitalization issue has already been noticed and fixed.

I'm not sure the draft should mention NIST levels, because they are relevant mostly for US customers. I think that generic recommendations on key sizes are more appropriate for this document.

Regards,
Valery.


Damn misclick. I meant With Nits.


On Tue, Dec 24, 2019 at 8:02 PM Watson Ladd via Datatracker <noreply@ietf.org> wrote:

Reviewer: Watson Ladd
Review result: Not Ready

Twas the night before Christmas
when all through the house
someone was desperately trying to get a review done on time.

I didn't see anything wrong per se in the draft itself, but I found the
capitalization of quantum computer an odd choice. IKEv2 is a complicated
protocol, and I am not 100% sure that this draft does what we want it to: It
would be great if someone could check very carefully in some symbolic model,
à la what has been done in TLS. The guidance on sizes seems to rule out NIST
level 1, but not any higher levels: might be worth calling out this explicitly.

_______________________________________________
secdir mailing list
secdir@ietf.org
https://www.ietf.org/mailman/listinfo/secdir
wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview



-- 

"Man is born free, but everywhere he is in chains".
--Rousseau.
