Re: [Secdispatch] Controller-IKE

Yoav Nir <> Thu, 08 August 2019 05:17 UTC

From: Yoav Nir <>
Date: Thu, 08 Aug 2019 08:16:58 +0300
To: Michael Richardson <>
CC: Kathleen Moriarty <>,
Subject: Re: [Secdispatch] Controller-IKE

Hi, Michael 

I2NSF did turn down this draft. 

Ultimately it just didn't get enough support for adoption, but one of the arguments against it was that it was a middle ground between the IKE and IKE-less cases. 

Sent from my phone

-------- Original Message --------
From: Michael Richardson <>
Sent: Thu Aug 08 05:44:10 GMT+03:00 2019
To: Kathleen Moriarty <>,
Subject: Re: [Secdispatch] Controller-IKE

On 2019-07-22 10:28 a.m., Kathleen Moriarty wrote:
> Hi David,
> Could you please explain how this is different from the adopted work in 
> I2NSF, 
> ?
> This is referenced in your draft along with one another, but there is no 
> analysis on why they don't fit the need.  The draft in I2NSF pulled in 
> the IPsecMe working group and underwent significant revisions as a 
> result to deal with several initial security issues.  If there's a gap 
> that can be solved with that draft, could that be a way forward or is 
> this needed for some specific reason?  It would be helpful to understand 
> this.

I read David's response.
I'm still unclear if I2NSF turned down this work or what?
Is there a conclusion from secdispatch at this point?
