Re: [secdir] [IPsec] Adam Roach's Yes on draft-ietf-ipsecme-implicit-iv-07: (with COMMENT)

Alexey Melnikov <alexey.melnikov@isode.com> Mon, 21 October 2019 11:49 UTC

To: Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org>, Adam Roach <adam@nostrum.com>, secdir@ietf.org
Cc: IPsecME WG <ipsec@ietf.org>, ipsecme-chairs@ietf.org, draft-ietf-ipsecme-implicit-iv@ietf.org, The IESG <iesg@ietf.org>
Date: Mon, 21 Oct 2019 12:48:36 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/KjQuouNjtLiKD8uKEW4SakdutJo>

Hi Daniel,

On 17/10/2019 15:05, Daniel Migault wrote:
> Hi,
>
> Just to make everyone aware, we have issued a new version that we hope 
> addresses all concerns.
> https://tools.ietf.org/html/draft-ietf-ipsecme-implicit-iv-08

Thank you for posting -08 and -09.

I just need one more change: IANA pointed out that you removed the name 
of the registry from the IANA Considerations section. You should add it 
back, as not having it in the document is confusing.

Thank you,

Alexey

> Yours,
> Daniel
>
> On Tue, Oct 15, 2019 at 11:07 PM Daniel Migault <daniel.migault@ericsson.com> wrote:
>
>     Hi Adam,
>
>     Thanks for the feedback. All your comments have been fixed on the
>     current local version available at:
>     https://github.com/mglt/draft-mglt-ipsecme-implicit-iv/blob/master/draft-ietf-ipsecme-implicit-iv.txt
>
>     We expect to publish the version tomorrow.
>
>     Yours,
>     Daniel
>
>
>
>     On Tue, Oct 15, 2019 at 10:51 PM Adam Roach via Datatracker <noreply@ietf.org> wrote:
>
>         Adam Roach has entered the following ballot position for
>         draft-ietf-ipsecme-implicit-iv-07: Yes
>
>         When responding, please keep the subject line intact and reply to all
>         email addresses included in the To and CC lines. (Feel free to cut this
>         introductory paragraph, however.)
>
>
>         Please refer to
>         https://www.ietf.org/iesg/statement/discuss-criteria.html
>         for more information about IESG DISCUSS and COMMENT positions.
>
>
>         The document, along with other ballot positions, can be found here:
>         https://datatracker.ietf.org/doc/draft-ietf-ipsecme-implicit-iv/
>
>
>
>         ----------------------------------------------------------------------
>         COMMENT:
>         ----------------------------------------------------------------------
>
>         Thanks for the work on this mechanism. I have no substantive comments
>         beyond those that have already been shared, although I do have some
>         minor editorial comments.
>
>         ---------------------------------------------------------------------------
>
>         §2:
>
>         >  In some context, such as IoT, it may be preferable to avoid carrying
>
>         Nit: "...some contexts..."
>
>     Fixed
>
>         ---------------------------------------------------------------------------
>
>         §5:
>
>         >  An initiator supporting this feature SHOULD propose implicit IV
>         >  algorithms in the Transform Type 1 (Encryption Algorithm)
>         >  Substructure of the Proposal Substructure inside the SA Payload.
>
>         Please expand "SA" on first use.
>
>     Fixed
>
>         ---------------------------------------------------------------------------
>
>         > 7.  Security Consideration
>
>         Nit: "Considerations"
>
>     Fixed
>
>
>         ---------------------------------------------------------------------------
>
>         §7:
>
>         >  extensions ([RFC6311], [RFC7383]) do allow it to repeat, so there is
>         >  no an easy way to derive unique IV from IKEv2 header fields.
>
>         Nit: "...not an easy way..."
>
>     Fixed