From cathie-riespunt@NesiCPA.Com  Fri Feb  1 01:39:23 2008
Return-Path: <cathie-riespunt@NesiCPA.Com>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 049FA3A6843
	for <ietfarch-ipsec-archive@core3.amsl.com>; Fri,  1 Feb 2008 01:39:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: YES
X-Spam-Score: 87.949
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=87.949 tagged_above=-999 required=5
	tests=[BAYES_99=3.5, DOS_OE_TO_MX=2.75, HTML_MESSAGE=1,
	J_CHICKENPOX_12=0.6, MANGLED_DICK=2.3, RAZOR2_CF_RANGE_51_100=0.5,
	RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CF_RANGE_E8_51_100=1.5,
	RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96,
	SARE_SUB_MEDICAL_NEWS=0.756, URIBL_AB_SURBL=10, URIBL_BLACK=20,
	URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083,
	URIBL_SC_SURBL=10, URIBL_WS_SURBL=10]
X-Spam-Report:
 *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *      [score: 1.0000]
 *  0.6 J_CHICKENPOX_12 BODY: 1alpha-pock-2alpha
 *  2.3 MANGLED_DICK BODY: mangled dick
 *  1.0 HTML_MESSAGE BODY: HTML included in message
 *  1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 *  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 *      [cf: 100]
 *   20 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 *      [URIs: cleapie.com]
 *   10 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
 *      [URIs: cleapie.com]
 *   10 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
 *      [URIs: cleapie.com]
 *   10 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
 *      [URIs: cleapie.com]
 *   10 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
 *      [URIs: cleapie.com]
 *   10 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
 *      [URIs: cleapie.com]
 *  1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
 *      [URIs: cleapie.com]
 *  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 *      [Blocked - see <http://www.spamcop.net/bl.shtml?66.170.52.58>]
 *  0.8 SARE_SUB_MEDICAL_NEWS Spammer subject - medical
 *  2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id w-twE0KhPjMk
	for <ietfarch-ipsec-archive@core3.amsl.com>;
	Fri,  1 Feb 2008 01:39:22 -0800 (PST)
Received: from mail.mssteelcorp.com (mail.mssteelcorp.com [66.170.52.58])
	by core3.amsl.com (Postfix) with ESMTP id 0AFB83A6832
	for <ipsec-archive@lists.ietf.org>; Fri,  1 Feb 2008 01:39:21 -0800 (PST)
Message-ID: <000801c864b6$57e6fb40$3a34aa42@comp51>
From: "cathie Lescarbeau" <cathie-riespunt@NesiCPA.Com>
To: ipsec-archive@lists.ietf.org
Subject: ***SPAM*** 87.949 (5) A revolutionary medical discovery has been made
	Find out more here
Date: Fri, 1 Feb 2008 04:39:30 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="--------=_NextPart_000_0004_01C8648C.6F10F340"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

----------=_NextPart_000_0004_01C8648C.6F10F340
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Evenings alone are a thing of the past with your brand new huge d1ck
----------=_NextPart_000_0004_01C8648C.6F10F340
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.3199" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<A href=3D"http://www.cleapie.com/">Evenings alone are a thing of the =
past with=20
your brand new huge d1ck</A></BODY></HTML>
----------=_NextPart_000_0004_01C8648C.6F10F340--
From jraines@cpmg.org  Fri Feb  1 02:52:34 2008
Return-Path: <jraines@cpmg.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 49F213A68F9
	for <ietfarch-ipsec-archive@core3.amsl.com>; Fri,  1 Feb 2008 02:52:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: YES
X-Spam-Score: 116.052
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=116.052 tagged_above=-999 required=5
	tests=[AWL=-4.241, BAYES_99=3.5, FB_PENIS=1.66,
	FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888, FRT_PENIS1=3.592,
	HELO_DYNAMIC_IPADDR2=4.395, HELO_DYNAMIC_SPLIT_IP=3.493,
	HELO_EQ_IP_ADDR=1.119, HOST_EQ_USERONOCOM=1.444,
	HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=1, HTML_SHORT_LINK_IMG_3=0.001,
	J_CHICKENPOX_31=0.6, MANGLED_ENLARG=2.3, MANGLED_ENLGMN=5,
	MANGLED_PENIS=2.3, NORMAL_HTTP_TO_IP=0.001,
	RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5,
	RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5,
	RCVD_FORGED_WROTE=2.523, RCVD_FORGED_WROTE2=4.325, RCVD_IN_DSBL=0.961,
	RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033,
	RCVD_NUMERIC_HELO=2.067, RDNS_DYNAMIC=0.1, SARE_ADLTOBFU=0.68,
	SARE_HTML_A_BODY=0.742, TVD_RCVD_IP=1.931, URIBL_BLACK=20,
	URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_RHS_DOB=1.083,
	URIBL_SC_SURBL=10, URIBL_WS_SURBL=10, XMAILER_MIMEOLE_OL_8627E=3.462]
X-Spam-Report:
 *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *      [score: 1.0000]
 *  1.4 HOST_EQ_USERONOCOM HOST_EQ_USERONOCOM
 *  0.8 FH_HOST_EQ_D_D_D_D Host starts with d-d-d-d
 *  3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
 *      IP)
 *  1.1 HELO_EQ_IP_ADDR HELO using IP Address (not private)
 *  0.9 FH_HOST_EQ_D_D_D_DB Host is d-d-d-d
 *  4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
 *       2)
 *  4.3 RCVD_FORGED_WROTE2 RCVD_FORGED_WROTE2
 *  1.9 TVD_RCVD_IP TVD_RCVD_IP
 *  2.5 RCVD_FORGED_WROTE Forged 'Received' header found ('wrote:' spam)
 *  2.1 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
 *  2.3 MANGLED_PENIS BODY: mangled - Penis
 *  0.7 SARE_ADLTOBFU BODY: Contains OBFU adult material
 *  3.6 FRT_PENIS1 BODY: ReplaceTags: Penis
 *  5.0 MANGLED_ENLGMN BODY: mangled enlargement
 *  1.7 FB_PENIS BODY: FB_PENIS
 *  2.3 MANGLED_ENLARG BODY: mangled enlarge(r|s)
 *  0.6 J_CHICKENPOX_31 BODY: 3alpha-pock-1alpha
 *  0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
 *  1.5 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
 *  1.0 HTML_MESSAGE BODY: HTML included in message
 *  0.7 SARE_HTML_A_BODY FULL: Message body has very strange HTML sequence
 *  1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 *  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 *      [cf: 100]
 *   20 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 *      [URIs: khuttjine.com]
 *   10 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
 *      [URIs: khuttjine.com]
 *   10 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
 *      [URIs: khuttjine.com]
 *   10 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
 *      [URIs: khuttjine.com]
 *   10 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
 *      [URIs: khuttjine.com]
 *  1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
 *      [URIs: khuttjine.com]
 *  0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
 *      [81.172.36.58 listed in dnsbl.sorbs.net]
 *  1.0 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
 *      [<http://dsbl.org/listing?81.172.36.58>]
 *  0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
 *      [81.172.36.58 listed in zen.spamhaus.org]
 *  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
 *  0.0 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image
 *  3.5 XMAILER_MIMEOLE_OL_8627E XMAILER_MIMEOLE_OL_8627E
 *  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
 *      dynamic-looking rDNS
 * -4.2 AWL AWL: From: address is in the auto white-list
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id FFsr-9E55Twt
	for <ietfarch-ipsec-archive@core3.amsl.com>;
	Fri,  1 Feb 2008 02:52:33 -0800 (PST)
Received: from 81.172.36.58.dyn.user.ono.com (81.172.36.58.dyn.user.ono.com [81.172.36.58])
	by core3.amsl.com (Postfix) with SMTP id 2D2A33A6902
	for <ipsec-archive@lists.ietf.org>; Fri,  1 Feb 2008 02:52:31 -0800 (PST)
Received: from 64.131.63.4 (HELO mx2.usfamily.net)
     by lists.ietf.org with esmtp (YVOMQYEQSAJR BRZHR)
     id UV0C3I-Emj6Cu-hn
     for ipsec-archive@lists.ietf.org; Fri, 01 Feb 2008 11:52:50 +0100
Message-ID: <072901c864c0$96abd080$3a24ac51@Christoper>
From: "Christoper Calderon" <Christoper@cpmg.org>
To: "Anibal Rosa" <ipsec-archive@lists.ietf.org>
Subject: ***SPAM*** 116.052 (5) More delight and enjoyment
Date: Fri, 01 Feb 2008 11:52:50 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_1831_0791_01C864C8.F8703880"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1437

This is a multi-part message in MIME format.

------=_NextPart_1831_0791_01C864C8.F8703880
Content-Type: text/plain;
        charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable


In just a few short weeks, you`ll watch with amazement=20
as your pen!s grows into the biggest, thickest, hardest, and most powerfu=
l tool=20
you`ve ever imagined - the one you`ve constantly wanted about=20
having! No pen!s en`l@rgement system is faster, easier to use, or=20
more effective than VPXL+ - FOREVER}!


VPXL+ IS GUARANTEED TO EN`L@RGE & STRENGTHEN YOUR=20
PEN|S OR YOUR MONEY BACK - PERIOD! SO WHY WAIT? GET=20
VPXL+ AND LIVE LARGE TODAY!

CHECK THIS OFFER TO GAIN THE LONGEST AND HARDEST PHALLUS IN THIS YEAR!
http://khuttjine=2Ecom/

1969=2E The fund was structured in such a way that Soros could usenew bro=
kerage firm regulations came into force, which did not74
big thoughts, using five-dollar words that most of the other fellows inFe=
w investors have been able to acquire access to this club in the
------=_NextPart_1831_0791_01C864C8.F8703880
Content-Type: text/html;
        charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4=2E0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3DWindows-1=
252">
<META content=3D"MSHTML 6=2E00=2E2800=2E1437" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY><A href=3D"http://khuttjine=2Ecom/"><IMG style=3D"WIDTH: 550px; HEI=
GHT: 450px" src=3D"http://81=2E222=2E138=2E69/img/dfhsdfg478-55=2Egif" bo=
rder=3D0></A>
<BR><B><FONT face=3D"Verdana, Arial, Helvetica, sans-serif"><FONT color=3D=
#0066ff size=3D1><FONT size=3D2>#1 DOCTOR RECOMMENDED PEN|S EN'L@RGEMENT =
FORMULA!</FONT></FONT></B>
<BR><FONT face=3D"Verdana, Arial, Helvetica, sans-serif" size=3D1><BR>In =
just a few short weeks, you`ll watch with amazement as
your pen!s <BR>grows into the biggest, thickest, hardest, and most powerf=
ul tool <BR>you`ve ever imagined - the one you`ve constantly wanted about=

<BR>having! No pen!s en`l@rgement system is faster, easier to use, or <BR=
>more effective than <STRONG>VPXL+ - FOREVER!
</STRONG> <BR><FONT face=3D"Verdana, Arial, Helvetica, sans-serif" size=3D=
1><BR><STRONG>VPXL+ IS <FONT color=3D#0066ff>
GUARANTEED TO EN`L@RGE &amp; STRENGTHEN YOUR <BR>PEN|S OR YOUR MONEY BACK=
 - PERIOD!</FONT> SO WHY WAIT? GET <BR>
VPXL+ AND LIVE LARGE TODAY!</STRONG> </FONT></FONT><BR><BR><A href=3D"htt=
p://khuttjine=2Ecom/"><B>
<FONT face=3D"Verdana, Arial, Helvetica, sans-serif"><FONT color=3D#ae0b0=
b><U><FONT size=3D3>CHECK THIS OFFER TO GAIN THE LONGEST AND HARDEST PHAL=
LUS IN THIS YEAR!</FONT></U>
</FONT></FONT></B></A></FONT><BR><BR><BR><HR SIZE=3D1><FONT face=3D"Verda=
na, Arial, Helvetica, sans-serif">
<FONT size=3D1>times he didnt even tell Marquez when the two worked toget=
her into be around the dealing room, but he also saw value in getting awa=
y<BR>gains taxes=2E1969=2E The fund was structured in such a way that Sor=
os could use<BR>new brokerage firm regulations came into force, which did=
 not74<BR>big thoughts, using five-dollar words that most of the other fe=
llows inFew investors have been able to acquire access to this club in th=
e</FONT></FONT></BODY></HTML>

------=_NextPart_1831_0791_01C864C8.F8703880--
From gordanjihong33@dimaks.com  Fri Feb  1 04:35:23 2008
Return-Path: <gordanjihong33@dimaks.com>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 8F8DC3A687A
	for <ietfarch-ipsec-archive@core3.amsl.com>; Fri,  1 Feb 2008 04:35:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: YES
X-Spam-Score: 97.466
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=97.466 tagged_above=-999 required=5
	tests=[BAYES_99=3.5, DOS_OE_TO_MX=2.75, FH_HELO_EQ_D_D_D_D=1.597,
	FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, GB_ROLEX=5,
	HELO_DYNAMIC_IPADDR=2.426, PRICES_ARE_AFFORDABLE=0.001,
	RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5,
	RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5,
	RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_SORBS_WEB=0.619,
	RDNS_DYNAMIC=0.1, SARE_SPEC_ROLEX=1.666, URIBL_AB_SURBL=10,
	URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10,
	URIBL_RHS_DOB=1.083, URIBL_SC_SURBL=10, URIBL_WS_SURBL=10]
X-Spam-Report:
 *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *      [score: 1.0000]
 *  0.8 FH_HOST_EQ_D_D_D_D Host starts with d-d-d-d
 *  2.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
 *      1)
 *  1.6 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
 *  0.0 PRICES_ARE_AFFORDABLE BODY: Message says that prices aren't too
 *      expensive
 *  5.0 GB_ROLEX BODY: I don't need a new watch!
 *  1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 *  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 *      [cf: 100]
 *   20 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 *      [URIs: tankseat.com]
 *   10 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
 *      [URIs: tankseat.com]
 *   10 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
 *      [URIs: tankseat.com]
 *   10 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
 *      [URIs: tankseat.com]
 *   10 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
 *      [URIs: tankseat.com]
 *   10 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
 *      [URIs: tankseat.com]
 *  1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
 *      [URIs: tankseat.com]
 *  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 *      [Blocked - see <http://www.spamcop.net/bl.shtml?72.45.208.67>]
 *  0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server
 *      [72.45.208.67 listed in dnsbl.sorbs.net]
 *  2.0 FM_DDDD_TIMES_2 Dual helo + host eq d_d_d_d
 *  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
 *      dynamic-looking rDNS
 *  1.7 SARE_SPEC_ROLEX Rolex watch spam
 *  2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id wwlxMI-ej9BD
	for <ietfarch-ipsec-archive@core3.amsl.com>;
	Fri,  1 Feb 2008 04:35:22 -0800 (PST)
Received: from rrcs-72-45-208-67.nys.biz.rr.com (rrcs-72-45-208-67.nys.biz.rr.com [72.45.208.67])
	by core3.amsl.com (Postfix) with ESMTP id B95BB3A680E
	for <ipsec-archive@lists.ietf.org>; Fri,  1 Feb 2008 04:35:22 -0800 (PST)
Message-ID: <000601c864cf$033aa599$9c63f68e@ekwqphw>
From: "ibrahim hesperos" <gordanjihong33@dimaks.com>
To: "Christopher Macias" <ipsec-archive@lists.ietf.org>
Subject: ***SPAM*** 97.466 (5) exclusive watches, affordable prices rolex
Date: Fri, 01 Feb 2008 10:52:45 +0000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

The finest of luxury timepieces at the LOWEST prices!!

http://tankseat.com/

From ndleuten@afa-sarl.fr  Fri Feb  1 04:40:28 2008
Return-Path: <ndleuten@afa-sarl.fr>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id A747C3A6905
	for <ietfarch-ipsec-archive@core3.amsl.com>; Fri,  1 Feb 2008 04:40:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: YES
X-Spam-Score: 70.641
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=70.641 tagged_above=-999 required=5
	tests=[BAYES_99=3.5, DOS_OE_TO_MX=2.75, FH_HELO_EQ_D_D_D_D=1.597,
	FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_VERIZON_P=2.144,
	FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DSL=1.129,
	HELO_EQ_VERIZON_POOL=1.495, HTML_MESSAGE=1,
	RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5,
	RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5,
	RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_DSBL=0.961, RCVD_IN_PBL=0.905,
	RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1,
	URIBL_BLACK=20, URIBL_JP_SURBL=10, URIBL_OB_SURBL=10]
X-Spam-Report:
 *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *      [score: 1.0000]
 *  2.1 FH_HOST_EQ_VERIZON_P Host is pool-.+verizon.net
 *  0.8 FH_HOST_EQ_D_D_D_D Host starts with d-d-d-d
 *  1.1 HELO_EQ_DSL HELO_EQ_DSL
 *  2.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
 *      1)
 *  1.5 HELO_EQ_VERIZON_POOL HELO_EQ_VERIZON_POOL
 *  1.6 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
 *  1.0 HTML_MESSAGE BODY: HTML included in message
 *  1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 *  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 *      [cf: 100]
 *   20 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 *      [URIs: bjoogehhy.com]
 *   10 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
 *      [URIs: bjoogehhy.com]
 *   10 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
 *      [URIs: bjoogehhy.com]
 *  0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
 *      [71.105.100.203 listed in dnsbl.sorbs.net]
 *  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 *      [Blocked - see <http://www.spamcop.net/bl.shtml?71.105.100.203>]
 *  1.0 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
 *      [<http://dsbl.org/listing?71.105.100.203>]
 *  0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
 *      [71.105.100.203 listed in zen.spamhaus.org]
 *  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
 *  2.0 FM_DDDD_TIMES_2 Dual helo + host eq d_d_d_d
 *  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
 *      dynamic-looking rDNS
 *  2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id pssu-wkaWPRX
	for <ietfarch-ipsec-archive@core3.amsl.com>;
	Fri,  1 Feb 2008 04:40:28 -0800 (PST)
Received: from pool-71-105-100-203.lsanca.dsl-w.verizon.net (pool-71-105-100-203.lsanca.dsl-w.verizon.net [71.105.100.203])
	by core3.amsl.com (Postfix) with ESMTP id C0F043A6813
	for <ipsec-archive@lists.ietf.org>; Fri,  1 Feb 2008 04:40:27 -0800 (PST)
Message-ID: <000601c864d0$21077090$cb646947@Shahriyar>
From: "Pollyanna Goron" <ndleuten@afa-sarl.fr>
To: ipsec-archive@lists.ietf.org
Subject: ***SPAM*** 70.641 (5) A well hung SCHLONG will get you places you've
	never been before.
Date: Fri, 1 Feb 2008 04:44:05 -0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="--------=_NextPart_000_0002_01C8648D.12E43090"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

----------=_NextPart_000_0002_01C8648D.12E43090
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

There will be no stopping you after this. Your powers are soon to be =
unleashed.
----------=_NextPart_000_0002_01C8648D.12E43090
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.3199" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<A href=3D"http://www.bjoogehhy.com/">There will be no stopping you =
after this.=20
Your powers are soon to be unleashed.</A></BODY></HTML>
----------=_NextPart_000_0002_01C8648D.12E43090--
From mailman-bounces@core3.amsl.com  Fri Feb  1 06:24:13 2008
Return-Path: <mailman-bounces@core3.amsl.com>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id E3A0F28E681
	for <ietfarch-ipsec-archive@core3.amsl.com>; Fri,  1 Feb 2008 06:22:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.588
X-Spam-Level: 
X-Spam-Status: No, score=-2.588 tagged_above=-999 required=5 tests=[AWL=0.011,
	BAYES_00=-2.599]
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id a5ahk+WWniKP
	for <ietfarch-ipsec-archive@core3.amsl.com>;
	Fri,  1 Feb 2008 06:22:38 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 4CACA293F7B
	for <ipsec-archive@megatron.ietf.org>; Fri,  1 Feb 2008 05:59:22 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: ietf.org mailing list memberships reminder
From: mailman-owner@ietf.org
To: ipsec-archive@megatron.ietf.org
X-No-Archive: yes
Message-ID: <mailman.28740.1201871248.31733.mailman@core3.amsl.com>
Date: Fri, 01 Feb 2008 05:07:28 -0800
Precedence: bulk
X-BeenThere: mailman@core3.amsl.com
X-Mailman-Version: 2.1.9
List-Id: <mailman.core3.amsl.com>
X-List-Administrivia: yes
Sender: mailman-bounces@core3.amsl.com
Errors-To: mailman-bounces@core3.amsl.com

This is a reminder, sent out once a month, about your ietf.org mailing
list memberships.  It includes your subscription info and how to use
it to change it or unsubscribe from a list.

You can visit the URLs to change your membership status or
configuration, including unsubscribing, setting digest-style delivery
or disabling delivery altogether (e.g., for a vacation), and so on.

In addition to the URL interfaces, you can also use email to make such
changes.  For more info, send a message to the '-request' address of
the list (for example, mailman-request@ietf.org) containing just the
word 'help' in the message body, and an email message will be sent to
you with instructions.

If you have questions, problems, comments, etc, send them to
mailman-owner@ietf.org.  Thanks!

http://www.ietf.org/mailman/options/ipsec/ipsec-archive%40megatron.ietf.org
From DesmondsyrupyBooth@dfwairport.com  Fri Feb  1 07:20:24 2008
Return-Path: <DesmondsyrupyBooth@dfwairport.com>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id A89213A6A60;
	Fri,  1 Feb 2008 07:20:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: YES
X-Spam-Score: 17.024
X-Spam-Level: *****************
X-Spam-Status: Yes, score=17.024 tagged_above=-999 required=5
	tests=[BAYES_99=3.5, DNS_FROM_RFC_BOGUSMX=1.482, DOS_OE_TO_MX=2.75,
	FORGED_MUA_OUTLOOK=3.116, INVALID_MSGID=1.9,
	RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5,
	RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, SARE_MLH_Stock1=0.87,
	STOX_REPLY_TYPE=0.001]
X-Spam-Report:
 *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *      [score: 1.0000]
 *  0.9 SARE_MLH_Stock1 Subject mentions stock or stock related words
 *  0.0 STOX_REPLY_TYPE STOX_REPLY_TYPE
 *  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 *  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 *      [cf: 100]
 *  0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
 *      [77.134.49.254 listed in zen.spamhaus.org]
 *  1.5 DNS_FROM_RFC_BOGUSMX RBL: Envelope sender in
 *      bogusmx.rfc-ignorant.org
 *  1.9 INVALID_MSGID Message-Id is not valid, according to RFC 2822
 *  3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
 *  2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Hk24BHQH99Sd; Fri,  1 Feb 2008 07:20:23 -0800 (PST)
Received: from woodwest1.home (pool-71-187-228-6.nwrknj.fios.verizon.net [71.187.228.6])
	by core3.amsl.com (Postfix) with SMTP id AA4F628C76A;
	Fri,  1 Feb 2008 06:56:11 -0800 (PST)
Message-ID: 13d901c864e2$ce4c6a00$0201a8c0@woodwest1
From: "Solomon Deleon" <DesmondsyrupyBooth@dfwairport.com>
To: <ietf-message-headers-request@lists.ietf.org>
Subject: ***SPAM*** 17.024 (5) Superstar stock report
Date: Fri, 1 Feb 2008 09:57:25 +0500
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

No Looking back on 
G&S minerals
Symbol-GSML

Up 4 consecutive days for over 40% in profits and record volume

Read the PR, the good news keeps coming.

Add GSML to your Radar and watch it like a hawk.

This company is going to $3.

even if it hits half of projected forcast it would be a phenomenal 1000% profit.

No other stock can deliver that in times like this

Get in on GSML
G&S minerals INC.

From KermitludwigHorn@wikipedia.org  Fri Feb  1 07:21:27 2008
Return-Path: <KermitludwigHorn@wikipedia.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id DB1A53A6AAC;
	Fri,  1 Feb 2008 07:21:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: YES
X-Spam-Score: 14.382
X-Spam-Level: **************
X-Spam-Status: Yes, score=14.382 tagged_above=-999 required=5
	tests=[BAYES_99=3.5, DOS_OE_TO_MX=2.75, HELO_EQ_IT=0.635,
	HOST_EQ_IT=1.245, HTML_MESSAGE=1, RAZOR2_CF_RANGE_51_100=0.5,
	RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905,
	RCVD_IN_SORBS_DUL=0.877, RDNS_DYNAMIC=0.1, SARE_MLH_Stock1=0.87]
X-Spam-Report:
 *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *      [score: 1.0000]
 *  1.2 HOST_EQ_IT HOST_EQ_IT
 *  0.6 HELO_EQ_IT HELO_EQ_IT
 *  0.9 SARE_MLH_Stock1 Subject mentions stock or stock related words
 *  1.0 HTML_MESSAGE BODY: HTML included in message
 *  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 *  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 *      [cf: 100]
 *  0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
 *      [87.15.166.192 listed in zen.spamhaus.org]
 *  0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
 *      [87.15.166.192 listed in dnsbl.sorbs.net]
 *  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
 *      dynamic-looking rDNS
 *  2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id WoLb6IWcfke4; Fri,  1 Feb 2008 07:21:24 -0800 (PST)
Received: from dompc.homenet.telecomitalia.it (host192-166-dynamic.15-87-r.retail.telecomitalia.it [87.15.166.192])
	by core3.amsl.com (Postfix) with SMTP id 0AE1828C515;
	Fri,  1 Feb 2008 07:00:13 -0800 (PST)
Message-ID: <7b6d01c864e3$59e765b0$4201a8c0@dompc>
From: "Elvin Navarro" <KermitludwigHorn@wikipedia.org>
To: <ietf-message-headers-request@lists.ietf.org>
Cc: <ipsec-archive@lists.ietf.org>, "<ipfix-archive"@lists.ietf.org,
	"<imapext-archive"@lists.ietf.org, "<ipsra-archive"@lists.ietf.org
Subject: ***SPAM*** 14.382 (5) Stock breaker report
Date: Fri, 1 Feb 2008 16:01:10 -0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_7B69_01C864E3.59E765B0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

This is a multi-part message in MIME format.

------=_NextPart_000_7B69_01C864E3.59E765B0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

We told you to keep watching, G & S Minerals... Symol : GSML

Gold is reaching record of $1000/ oz ... GSML is the undiscovered gem =
you should be invested in.

Up 4 straight days with record volume

If you missed the move from .13 to .17 dont dispair they have not even =
scratched the surfact.

This company is going to $3.00

So grab yourself some GSML and earn easy 10 bagger
------=_NextPart_000_7B69_01C864E3.59E765B0--

From ColemanbarbarianChaney@swankyconservative.com  Fri Feb  1 09:35:57 2008
Return-Path: <ColemanbarbarianChaney@swankyconservative.com>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 0D22E28C1DB;
	Fri,  1 Feb 2008 09:35:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: YES
X-Spam-Score: 17.024
X-Spam-Level: *****************
X-Spam-Status: Yes, score=17.024 tagged_above=-999 required=5
	tests=[BAYES_99=3.5, DNS_FROM_RFC_BOGUSMX=1.482, DOS_OE_TO_MX=2.75,
	FORGED_MUA_OUTLOOK=3.116, INVALID_MSGID=1.9,
	RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5,
	RAZOR2_CHECK=0.5, RCVD_IN_PBL=0.905, SARE_MLH_Stock1=0.87,
	STOX_REPLY_TYPE=0.001]
X-Spam-Report:
 *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *      [score: 1.0000]
 *  0.9 SARE_MLH_Stock1 Subject mentions stock or stock related words
 *  0.0 STOX_REPLY_TYPE STOX_REPLY_TYPE
 *  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 *  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 *      [cf: 100]
 *  0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
 *      [77.134.49.254 listed in zen.spamhaus.org]
 *  1.5 DNS_FROM_RFC_BOGUSMX RBL: Envelope sender in
 *      bogusmx.rfc-ignorant.org
 *  1.9 INVALID_MSGID Message-Id is not valid, according to RFC 2822
 *  3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
 *  2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id eGZTWK+75NDv; Fri,  1 Feb 2008 09:35:56 -0800 (PST)
Received: from pc.lan (unknown [89.130.118.71])
	by core3.amsl.com (Postfix) with SMTP id 6350A28C2E8;
	Fri,  1 Feb 2008 09:33:42 -0800 (PST)
Message-ID: 5c1e01c864f8$cfd26bc0$4001a8c0@pc
From: "Margarito Mcpherson" <ColemanbarbarianChaney@swankyconservative.com>
To: <ietf-message-headers-request@lists.ietf.org>,
	"<ipsec-archive"@lists.ietf.org, "<ipfix-archive"@lists.ietf.org,
	"<imapext-archive"@lists.ietf.org, "<ipsra-archive"@lists.ietf.org
Subject: ***SPAM*** 17.024 (5) Next big market winner
Date: Fri, 1 Feb 2008 18:34:54 -0100
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962

No Looking back on 
G&S minerals
Symbol-GSML

Up 4 consecutive days for over 40% in profits and record volume

Read the PR, the good news keeps coming.

Add GSML to your Radar and watch it like a hawk.

This company is going to $3.

even if it hits half of projected forcast it would be a phenomenal 1000% profit.

No other stock can deliver that in times like this

Get in on GSML
G&S minerals INC.

From rutaikazuchi@catharchdioceseokc.org  Fri Feb  1 09:57:40 2008
Return-Path: <rutaikazuchi@catharchdioceseokc.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id E2B273A681A
	for <ietfarch-ipsec-archive@core3.amsl.com>; Fri,  1 Feb 2008 09:57:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: YES
X-Spam-Score: 53.37
X-Spam-Level: *****************************************************
X-Spam-Status: Yes, score=53.37 tagged_above=-999 required=5
	tests=[BAYES_99=3.5, HELO_EQ_RU=0.595, HOST_EQ_RU=0.875,
	NORMAL_HTTP_TO_IP=0.001, RAZOR2_CF_RANGE_51_100=0.5,
	RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5,
	RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033,
	STOX_REPLY_TYPE=0.001, URIBL_BLACK=20, URIBL_JP_SURBL=10,
	URIBL_WS_SURBL=10]
X-Spam-Report:
 *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *      [score: 1.0000]
 *  0.9 HOST_EQ_RU HOST_EQ_RU
 *  0.6 HELO_EQ_RU HELO_EQ_RU
 *  0.0 STOX_REPLY_TYPE STOX_REPLY_TYPE
 *  0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
 *  1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 *      [cf: 100]
 *   20 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 *      [URIs: 213.37.203.230]
 *  0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
 *      [212.33.234.121 listed in zen.spamhaus.org]
 *  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
 *  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 *      [Blocked - see <http://www.spamcop.net/bl.shtml?212.33.234.121>]
 *   10 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
 *      [URIs: 213.37.203.230]
 *   10 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
 *      [URIs: 213.37.203.230]
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id FZj8BaSzitkj
	for <ietfarch-ipsec-archive@core3.amsl.com>;
	Fri,  1 Feb 2008 09:57:40 -0800 (PST)
Received: from net234-121.ertelecom.ru (net234-121.ertelecom.ru [212.33.234.121])
	by core3.amsl.com (Postfix) with SMTP id 027583A693D
	for <ipsec-archive@lists.ietf.org>; Fri,  1 Feb 2008 09:57:35 -0800 (PST)
Received: from [129.181.32.137] (helo=gldsi)
	by net234-121.ertelecom.ru with smtp (Exim 4.62 (FreeBSD))
	id 1JL0EA-0003mN-3Z; Fri, 1 Feb 2008 23:03:02 +0500
Message-ID: <000301c864fc$20948680$8920b581@gldsi>
From: <rutaikazuchi@catharchdioceseokc.org>
To: <ipsec-archive@lists.ietf.org>
Subject: ***SPAM*** 53.37 (5) A Rose
Date: Fri, 1 Feb 2008 22:59:02 +0500
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="windows-1250";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4029.2901
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4029.2901

Sending You All My Love  http://213.37.203.230/




From naticsa1981@achromatic.be  Fri Feb  1 10:58:26 2008
Return-Path: <naticsa1981@achromatic.be>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id D4B6028C31C
	for <ietfarch-ipsec-archive@core3.amsl.com>; Fri,  1 Feb 2008 10:58:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: YES
X-Spam-Score: 89.096
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=89.096 tagged_above=-999 required=5
	tests=[BAYES_99=3.5, DOS_OE_TO_MX=2.75, FRT_ERECTION=3.642,
	FUZZY_ERECT=0.804, HELO_EQ_PL=1.135, HOST_EQ_PL=1.95, HTML_MESSAGE=1,
	J_CHICKENPOX_33=0.6, J_CHICKENPOX_52=0.6, MANGLED_ERECTN=2.3,
	RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5,
	RAZOR2_CF_RANGE_E8_51_100=1.5, RAZOR2_CHECK=0.5,
	RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_XBL=3.033,
	SARE_OBFU_PART_ION=1.666, SUBJECT_FUZZY_TION=0.156, URIBL_BLACK=20,
	URIBL_JP_SURBL=10, URIBL_OB_SURBL=10, URIBL_SC_SURBL=10,
	URIBL_WS_SURBL=10]
X-Spam-Report:
 *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *      [score: 1.0000]
 *  1.9 HOST_EQ_PL HOST_EQ_PL
 *  1.1 HELO_EQ_PL HELO_EQ_PL
 *  0.2 SUBJECT_FUZZY_TION Attempt to obfuscate words in Subject:
 *  3.6 FRT_ERECTION BODY: ReplaceTags: Erection
 *  2.3 MANGLED_ERECTN BODY: mangled erection(s)
 *  0.6 J_CHICKENPOX_33 BODY: 3alpha-pock-3alpha
 *  1.7 SARE_OBFU_PART_ION BODY: obfusciation of word containing ion
 *  0.8 FUZZY_ERECT BODY: Attempt to obfuscate words in spam
 *  0.6 J_CHICKENPOX_52 BODY: 5alpha-pock-2alpha
 *  1.0 HTML_MESSAGE BODY: HTML included in message
 *  1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 *  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 *      [cf: 100]
 *   20 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 *      [URIs: lefoursm.com]
 *   10 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
 *      [URIs: lefoursm.com]
 *   10 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
 *      [URIs: lefoursm.com]
 *   10 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
 *      [URIs: lefoursm.com]
 *   10 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
 *      [URIs: lefoursm.com]
 *  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
 *      [212.76.37.190 listed in zen.spamhaus.org]
 *  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 *      [Blocked - see <http://www.spamcop.net/bl.shtml?212.76.37.190>]
 *  2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 1rLgQ6nIr3Ql
	for <ietfarch-ipsec-archive@core3.amsl.com>;
	Fri,  1 Feb 2008 10:58:26 -0800 (PST)
Received: from nat-mi2-1.aster.pl (nat-mi2-1.aster.pl [212.76.37.190])
	by core3.amsl.com (Postfix) with ESMTP id D182828C1D1
	for <ipsec-archive@lists.ietf.org>; Fri,  1 Feb 2008 10:50:11 -0800 (PST)
Message-ID: <000d01c86503$7df62610$be254cd4@urszula2e0a67c>
From: "Pero Oliverio" <naticsa1981@achromatic.be>
To: ipsec-archive@lists.ietf.org
Subject: ***SPAM*** 89.096 (5) Tired of losing your erect1on in 15 minutes, or
	a small sch1ong? Here is the solution.
Date: Fri, 1 Feb 2008 19:51:45 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="--------=_NextPart_000_0009_01C8650B.DFBA8E10"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

----------=_NextPart_000_0009_01C8650B.DFBA8E10
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Your hot dates are set to get HOTTER.
----------=_NextPart_000_0009_01C8650B.DFBA8E10
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.3199" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<A href=3D"http://www.lefoursm.com/">Your hot dates are set to get=20
HOTTER.</A></BODY></HTML>
----------=_NextPart_000_0009_01C8650B.DFBA8E10--



From GeorgiafriedmanSnell@amcnarragansett.org  Fri Feb  1 12:17:46 2008
Return-Path: <GeorgiafriedmanSnell@amcnarragansett.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 4EEE53A695B;
	Fri,  1 Feb 2008 12:17:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: YES
X-Spam-Score: 25.807
X-Spam-Level: *************************
X-Spam-Status: Yes, score=25.807 tagged_above=-999 required=5
	tests=[BAYES_99=3.5, DOS_OE_TO_MX=2.75, FH_RELAY_NODNS=1.451,
	FORGED_MUA_OUTLOOK=3.116, HELO_LH_HOME=3.714, INVALID_MSGID=1.9,
	RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E4_51_100=1.5,
	RAZOR2_CHECK=0.5, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905,
	RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_NONE=0.1,
	STOX_REPLY_TYPE=0.001]
X-Spam-Report:
 *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *      [score: 1.0000]
 *  3.7 HELO_LH_HOME HELO_LH_HOME
 *  1.5 FH_RELAY_NODNS We could not determine your Reverse DNS
 *  0.0 STOX_REPLY_TYPE STOX_REPLY_TYPE
 *  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 *  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 *      [cf: 100]
 *  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 *      [Blocked - see <http://www.spamcop.net/bl.shtml?190.24.62.12>]
 *  0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
 *      [190.24.62.12 listed in dnsbl.sorbs.net]
 *  0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
 *      [190.24.62.12 listed in zen.spamhaus.org]
 *  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
 *  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
 *  1.9 INVALID_MSGID Message-Id is not valid, according to RFC 2822
 *  3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
 *  2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id R0xetddaRubb; Fri,  1 Feb 2008 12:17:46 -0800 (PST)
Received: from janmir.star.com.pe (unknown [200.107.150.111])
	by core3.amsl.com (Postfix) with SMTP id 26E5C3A6994;
	Fri,  1 Feb 2008 12:17:44 -0800 (PST)
Message-ID: 6116501c8650f$b669f010$6f966bc8@janmir
From: "Claudia Snell" <GeorgiafriedmanSnell@amcnarragansett.org>
To: <ietf-message-headers-request@lists.ietf.org>,
	"<ipsec-archive"@lists.ietf.org, "<ipfix-archive"@lists.ietf.org,
	"<imapext-archive"@lists.ietf.org, "<ipsra-archive"@lists.ietf.org
Subject: ***SPAM*** 25.807 (5) Stock breaker report
Date: Fri, 1 Feb 2008 15:17:51 +0500
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962

No Looking back on 
G&S minerals
Symbol-GSML

Up 4 consecutive days for over 40% in profits and record volume

Read the PR, the good news keeps coming.

Add GSML to your Radar and watch it like a hawk.

This company is going to $3.

even if it hits half of projected forcast it would be a phenomenal 1000% profit.

No other stock can deliver that in times like this

Get in on GSML
G&S minerals INC.




From MarlenethyratronStanford@nypost.com  Fri Feb  1 12:21:44 2008
Return-Path: <MarlenethyratronStanford@nypost.com>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 398123A693D;
	Fri,  1 Feb 2008 12:21:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: YES
X-Spam-Score: 24.046
X-Spam-Level: ************************
X-Spam-Status: Yes, score=24.046 tagged_above=-999 required=5
	tests=[BAYES_99=3.5, DATE_IN_PAST_12_24=0.992, DOS_OE_TO_MX=2.75,
	FH_HOST_EQ_D_D_D_D=0.765, FH_HOST_EQ_D_D_D_DB=0.888,
	FORGED_MUA_OUTLOOK=3.116, HTML_MESSAGE=1, RAZOR2_CF_RANGE_51_100=0.5,
	RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CHECK=0.5,
	RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905,
	RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_DYNAMIC=0.1,
	SARE_MLH_Stock7=1.66]
X-Spam-Report:
 *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *      [score: 1.0000]
 *  0.8 FH_HOST_EQ_D_D_D_D Host starts with d-d-d-d
 *  0.9 FH_HOST_EQ_D_D_D_DB Host is d-d-d-d
 *  1.7 SARE_MLH_Stock7 Various common stock subjects
 *  1.0 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date
 *  1.0 HTML_MESSAGE BODY: HTML included in message
 *  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 *  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
 *      above 50%
 *      [cf: 100]
 *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 *      [cf: 100]
 *  0.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
 *      [216.160.94.66 listed in dnsbl.sorbs.net]
 *  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 *      [Blocked - see <http://www.spamcop.net/bl.shtml?216.160.94.66>]
 *  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
 *      [216.160.94.66 listed in zen.spamhaus.org]
 *  0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
 *  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
 *      dynamic-looking rDNS
 *  3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
 *  2.8 DOS_OE_TO_MX Delivered direct to MX with OE headers
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id uzcTmGY0zHPu; Fri,  1 Feb 2008 12:21:41 -0800 (PST)
Received: from mohamedbb468ca.gateway.2wire.net (216-160-94-66.tukw.qwest.net [216.160.94.66])
	by core3.amsl.com (Postfix) with SMTP id C6B6B3A696E;
	Fri,  1 Feb 2008 12:20:24 -0800 (PST)
Message-ID: <155f501c86510$1bab6a80$4200a8c0@mohamedbb468ca>
From: "Minnie Winston" <MarlenethyratronStanford@nypost.com>
To: <ietf-message-headers-request@lists.ietf.org>
Cc: <ipsec-archive@lists.ietf.org>, "<ipfix-archive"@lists.ietf.org,
	"<imapext-archive"@lists.ietf.org, "<ipsra-archive"@lists.ietf.org
Subject: ***SPAM*** 24.046 (5) Aggressive investors alert
Date: Fri, 1 Feb 2008 12:21:37 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_155F1_01C86510.1BAB6A80"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962

This is a multi-part message in MIME format.

------=_NextPart_000_155F1_01C86510.1BAB6A80
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

We told you to keep watching, G & S Minerals... Symol : GSML

Gold is reaching record of $1000/ oz ... GSML is the undiscovered gem =
you should be invested in.

Up 4 straight days with record volume

If you missed the move from .13 to .17 dont dispair they have not even =
scratched the surfact.

This company is going to $3.00

So grab yourself some GSML and earn easy 10 bagger
------=_NextPart_000_155F1_01C86510.1BAB6A80--




From ipsec-bounces@ietf.org  Fri Feb  1 15:37:20 2008
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id D839228C1AD;
	Fri,  1 Feb 2008 15:37:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.949
X-Spam-Level: 
X-Spam-Status: No, score=-5.949 tagged_above=-999 required=5 tests=[AWL=0.650,
	BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id tQpcl-UkjvWp; Fri,  1 Feb 2008 15:37:20 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id EA3D13A693D;
	Fri,  1 Feb 2008 15:37:19 -0800 (PST)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 19AA03A693D
	for <ipsec@core3.amsl.com>; Fri,  1 Feb 2008 15:37:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id PTezXZJ2dUS6 for <ipsec@core3.amsl.com>;
	Fri,  1 Feb 2008 15:37:17 -0800 (PST)
Received: from e3.ny.us.ibm.com (e3.ny.us.ibm.com [32.97.182.143])
	by core3.amsl.com (Postfix) with ESMTP id 381B23A687B
	for <ipsec@ietf.org>; Fri,  1 Feb 2008 15:37:15 -0800 (PST)
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236])
	by e3.ny.us.ibm.com (8.13.8/8.13.8) with ESMTP id m11NcffS022888
	for <ipsec@ietf.org>; Fri, 1 Feb 2008 18:38:41 -0500
Received: from d01av03.pok.ibm.com (d01av03.pok.ibm.com [9.56.224.217])
	by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v8.7) with ESMTP id
	m11NcfvT392928 for <ipsec@ietf.org>; Fri, 1 Feb 2008 18:38:41 -0500
Received: from d01av03.pok.ibm.com (loopback [127.0.0.1])
	by d01av03.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id
	m11Ncf85023372 for <ipsec@ietf.org>; Fri, 1 Feb 2008 18:38:41 -0500
Received: from austin.ibm.com (netmail1.austin.ibm.com [9.41.248.175])
	by d01av03.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id
	m11NcfmH023361 for <ipsec@ietf.org>; Fri, 1 Feb 2008 18:38:41 -0500
Received: from faith.austin.ibm.com (faith.austin.ibm.com [9.53.40.35])
	by austin.ibm.com (8.13.8/8.12.10) with ESMTP id m11Ncejt035536
	for <ipsec@ietf.org>; Fri, 1 Feb 2008 17:38:40 -0600
Received: from faith.austin.ibm.com (localhost.localdomain [127.0.0.1])
	by faith.austin.ibm.com (8.13.4/8.12.8) with ESMTP id m11NaWe8002898
	for <ipsec@ietf.org>; Fri, 1 Feb 2008 17:36:32 -0600
Received: (from jml@localhost)
	by faith.austin.ibm.com (8.13.4/8.13.4/Submit) id m11NaWWf002897
	for ipsec@ietf.org; Fri, 1 Feb 2008 17:36:32 -0600
X-Authentication-Warning: faith.austin.ibm.com: jml set sender to
	latten@austin.ibm.com using -f
From: Joy Latten <latten@austin.ibm.com>
To: ipsec@ietf.org
Date: Fri, 01 Feb 2008 17:36:31 -0600
Message-Id: <1201908991.2594.78.camel@faith.austin.ibm.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.3 (2.2.3-2.fc4) 
Subject: [IPsec] question regarding ikev2 rfc
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org

My colleagues and I implemented technology that uses "labeled" SAs
to enforce mandatory access control on the network. We introduced a
new security attribute to allow IKE to communicate an opaque
security label when negotiating an SA. The IPsec DOI (RFC 2407)
contained a SIT_SECRECY and SIT_INTEGRITY but these were not
sufficient. I also noticed they are not in IKEv2.

It had been our intention to create an addendum to IPsec DOI and
receive a number from IANA for the security attribute, thus allowing
interoperability. But IKEv2 has obsoleted IPsec DOI and IKEv1.

Perhaps it could be considered an addendum to IKEv2, but I am not
sure if it would be considered a transform type? Any suggestions
would be greatly appreciated.

regards,
Joy Latten

_______________________________________________
IPsec mailing list
IPsec@ietf.org
http://www.ietf.org/mailman/listinfo/ipsec


From ipsec-bounces@ietf.org  Sat Feb  2 23:53:08 2008
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id CB96D3A6AEB;
	Sat,  2 Feb 2008 23:53:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.917
X-Spam-Level: 
X-Spam-Status: No, score=-2.917 tagged_above=-999 required=5
	tests=[AWL=-0.318, BAYES_00=-2.599]
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id EXrGvn4aodTE; Sat,  2 Feb 2008 23:53:08 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id EB8143A68E2;
	Sat,  2 Feb 2008 23:53:07 -0800 (PST)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 7CF723A68E2
	for <ipsec@core3.amsl.com>; Sat,  2 Feb 2008 23:53:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 0bO7rFfLbtr1 for <ipsec@core3.amsl.com>;
	Sat,  2 Feb 2008 23:53:06 -0800 (PST)
Received: from dlpdemo.checkpoint.com (dyn32-54.checkpoint.com [194.29.32.54])
	by core3.amsl.com (Postfix) with ESMTP id 8FDED3A689E
	for <ipsec@ietf.org>; Sat,  2 Feb 2008 23:53:06 -0800 (PST)
Received: by dlpdemo.checkpoint.com (Postfix, from userid 105)
	id CAF762006EC; Sun,  3 Feb 2008 09:59:59 +0200 (IST)
Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68])
	by dlpdemo.checkpoint.com (Postfix) with ESMTP id 430A12006E1;
	Sun,  3 Feb 2008 09:59:59 +0200 (IST)
Received: from MBP.checkpoint.com (localhost [127.0.0.1])
	by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id
	m137srP8009764; Sun, 3 Feb 2008 09:54:53 +0200 (IST)
Message-Id: <E429CC99-CA12-443A-904E-C5B8ED1F78C9@checkpoint.com>
From: Yoav Nir <ynir@checkpoint.com>
To: Joy Latten <latten@austin.ibm.com>
In-Reply-To: <1201908991.2594.78.camel@faith.austin.ibm.com>
Mime-Version: 1.0 (Apple Message framework v915)
Date: Sun, 3 Feb 2008 09:54:38 +0200
References: <1201908991.2594.78.camel@faith.austin.ibm.com>
X-Mailer: Apple Mail (2.915)
Cc: ipsec@ietf.org
Subject: Re: [IPsec] question regarding ikev2 rfc
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org

On Feb 2, 2008, at 1:36 AM, Joy Latten wrote:

> My colleagues and I implemented technology that uses "labeled" SAs
> to enforce mandatory access control on the network. We introduced a
> new security attribute to allow IKE to communicate an opaque
> security label when negotiating an SA. The IPsec DOI (RFC 2407)
> contained a SIT_SECRECY and SIT_INTEGRITY but these were not
> sufficient. I also noticed they are not in IKEv2.
>
> It had been our intention to create an addendum to IPsec DOI and
> receive a number from IANA for the security attribute, thus allowing
> interoperability. But IKEv2 has obsoleted IPsec DOI and IKEv1.
>
> Perhaps it could be considered an addendum to IKEv2, but I am not
> sure if it would be considered a transform type? Any suggestions
> would be greatly appreciated.
>
> regards,
> Joy Latten


That would depend on what "labeled" SAs do.

IKEv2 does allow you to set up multiple parallel SAs, meaning multiple  
SAs with similar selectors. This was allowed to accommodate QoS and  
allow clusters of gateways to each have its own SA pair.

If what you need is a string label or blob that's meaningful to both  
sides of the negotiation, you may want to add a "sa_label"  
notification, because that does not really need negotiation, so  
there's no real need to add it to the SA payload. If this is something  
that does require negotiation, then please explain the need.

Hope this helps.

Yoav Nir


_______________________________________________
IPsec mailing list
IPsec@ietf.org
http://www.ietf.org/mailman/listinfo/ipsec
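
Added example, not part of the original messages and not code from any IKEv2 implementation: a sketch of the "sa_label" notification suggested in the reply above, encoded and parsed as an IKEv2 Notify payload. The notify type 40960 (start of the private-use status range), the accept/reject policy and the echo-to-confirm rule are assumptions made for illustration; the label value used with it is constructed.

```python
import struct

NOTIFY_PAYLOAD_TYPE = 41   # IKEv2 payload type number of the Notify payload
STATUS_TYPE_MIN = 16384    # notify message types below this are error types
SA_LABEL = 40960           # ASSUMPTION: private-use status type, not IANA-assigned

GENERIC_HDR = struct.Struct("!BBH")  # next payload, critical bit + reserved, length
NOTIFY_HDR = struct.Struct("!BBH")   # protocol ID, SPI size, notify message type
FIXED_LEN = GENERIC_HDR.size + NOTIFY_HDR.size


class NotifyError(ValueError):
    """Raised when a Notify payload is malformed."""


def build_sa_label_notify(label: bytes, next_payload: int = 0) -> bytes:
    """Encode an opaque label as a status notification not tied to an existing SA."""
    if not label:
        raise NotifyError("empty label")
    length = FIXED_LEN + len(label)
    if length > 0xFFFF:
        raise NotifyError("label does not fit the 16-bit payload length")
    # Protocol ID 0 and SPI size 0: the notification names no existing SA.
    return (GENERIC_HDR.pack(next_payload, 0, length)
            + NOTIFY_HDR.pack(0, 0, SA_LABEL) + label)


def parse_notify(buf: bytes) -> dict:
    """Decode one Notify payload, checking every length before slicing."""
    if len(buf) < FIXED_LEN:
        raise NotifyError("truncated Notify payload")
    next_payload, _flags, length = GENERIC_HDR.unpack_from(buf, 0)
    if length < FIXED_LEN or length > len(buf):
        raise NotifyError("payload length field out of range")
    proto, spi_size, ntype = NOTIFY_HDR.unpack_from(buf, GENERIC_HDR.size)
    body = buf[FIXED_LEN:length]
    if spi_size > len(body):
        raise NotifyError("SPI size exceeds payload")
    return {"next_payload": next_payload, "protocol_id": proto, "type": ntype,
            "spi": body[:spi_size], "data": body[spi_size:]}


def handle_request_notify(buf: bytes, allowed_labels: set) -> str:
    """Responder side. ASSUMED policy: fail closed on a label we do not allow."""
    n = parse_notify(buf)
    if n["type"] < STATUS_TYPE_MIN:
        return "error"    # error notifications are processed elsewhere
    if n["type"] != SA_LABEL:
        return "ignore"   # unrecognized status types are ignored, not rejected
    return "accept" if n["data"] in allowed_labels else "reject"


def label_confirmed(sent_label: bytes, response_notifies: list) -> bool:
    """Initiator side. A peer that does not know sa_label ignores it silently,
    so (ASSUMED rule) the label counts as applied only if the peer echoes it."""
    for raw in response_notifies:
        n = parse_notify(raw)
        if n["type"] == SA_LABEL and n["data"] == sent_label:
            return True
    return False
```

Because the label travels as a notification rather than inside the SA payload, there is no proposal/selection step; the echo check is what tells the initiator that the SA was not set up unlabeled.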


From ipsec-bounces@ietf.org  Mon Feb  4 03:41:56 2008
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 4AB6E3A6ED4;
	Mon,  4 Feb 2008 03:41:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.197
X-Spam-Level: 
X-Spam-Status: No, score=-6.197 tagged_above=-999 required=5 tests=[AWL=0.402,
	BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id lLlGmIWM67oN; Mon,  4 Feb 2008 03:41:55 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 5F36D3A6EAE;
	Mon,  4 Feb 2008 03:41:55 -0800 (PST)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 6D3E23A6EAE
	for <ipsec@core3.amsl.com>; Mon,  4 Feb 2008 03:41:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id IdD03jpP9nEx for <ipsec@core3.amsl.com>;
	Mon,  4 Feb 2008 03:41:53 -0800 (PST)
Received: from tietoe03.tietoenator.com (mail1.tieto.com [194.110.47.24])
	by core3.amsl.com (Postfix) with ESMTP id 6C7953A6E22
	for <ipsec@ietf.org>; Mon,  4 Feb 2008 03:41:53 -0800 (PST)
X-AuditID: c26e2f18-000024f8000011e4-9b-47a6fa4f266b
Received: from stingray.eu.tieto.com ([192.176.143.13]) by
	tietoe03.tietoenator.com with Microsoft SMTPSVC(6.0.3790.3959); 
	Mon, 4 Feb 2008 13:43:11 +0200
Received: from corvette.eu.tieto.com ([192.176.143.143]) by
	stingray.eu.tieto.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Mon, 4 Feb 2008 12:43:25 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Mon, 4 Feb 2008 12:43:24 +0100
Message-ID: <D3CFEF84287B46408A7F0405EE7C5457AD65A5@corvette.eu.tieto.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: RFC 4301 Appendix E on nested SAs
Thread-Index: AchnIyYkdJNF58DQQVuyeqG5dg2LCQ==
From: <Christian.Kaas-Petersen@tietoenator.com>
To: <ipsec@ietf.org>
X-OriginalArrivalTime: 04 Feb 2008 11:43:25.0206 (UTC)
	FILETIME=[26C59B60:01C86723]
X-Brightmail-Tracker: AAAAAA==
Subject: [IPsec] RFC 4301 Appendix E on nested SAs
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org

From the description in RFC 4301 Appendix E it is clear that an
outbound packet from A to C is provided with two ESP headers before being
sent on the wire.  It is also clear that an inbound packet from B to A
with two ESP headers will be processed twice by IPsec before being handed
to the application.  However, a packet arriving at A, purported sent
from C (i.e., with C as source address and A as destination address),
with only one ESP header, namely the ESP transport header, will be
processed only once by IPsec before being handed to the application.
Thus the condition that the packet ought to have had two ESP headers
is not checked.  If the ESP transport protection used by the
application has sufficient strength, no security breach is made.
However, if the ESP transport has low strength because it expects
the outer tunnel to provide adequate security on the wire between
A and B, then that adequate security is not mandated for inbound
packets.  Did I miss something?

Christian
_______________________________________________
IPsec mailing list
IPsec@ietf.org
http://www.ietf.org/mailman/listinfo/ipsec


From ipsec-bounces@ietf.org  Mon Feb  4 11:48:02 2008
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id B746E3A7136;
	Mon,  4 Feb 2008 11:48:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.227
X-Spam-Level: 
X-Spam-Status: No, score=-2.227 tagged_above=-999 required=5 tests=[AWL=0.372,
	BAYES_00=-2.599]
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id wFLQdWT+Fe0X; Mon,  4 Feb 2008 11:48:02 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 67C513A713E;
	Mon,  4 Feb 2008 11:47:41 -0800 (PST)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 0DAD13A7137
	for <ipsec@core3.amsl.com>; Mon,  4 Feb 2008 11:47:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 3vwiDMaejEBu for <ipsec@core3.amsl.com>;
	Mon,  4 Feb 2008 11:47:39 -0800 (PST)
Received: from mx11.bbn.com (mx11.bbn.com [128.33.0.80])
	by core3.amsl.com (Postfix) with ESMTP id 8B0693A7141
	for <ipsec@ietf.org>; Mon,  4 Feb 2008 11:46:24 -0800 (PST)
Received: from dhcp89-089-071.bbn.com ([128.89.89.71])
	by mx11.bbn.com with esmtp (Exim 4.60) (envelope-from <kent@bbn.com>)
	id 1JM7IL-0005RV-61; Mon, 04 Feb 2008 14:47:58 -0500
Mime-Version: 1.0
Message-Id: <p0624050bc3cd1bc01609@[128.89.89.71]>
In-Reply-To: <1201908991.2594.78.camel@faith.austin.ibm.com>
References: <1201908991.2594.78.camel@faith.austin.ibm.com>
Date: Mon, 4 Feb 2008 14:47:57 -0500
To: Joy Latten <latten@austin.ibm.com>
From: Stephen Kent <kent@bbn.com>
Cc: ipsec@ietf.org
Subject: Re: [IPsec] question regarding ikev2 rfc
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org

At 5:36 PM -0600 2/1/08, Joy Latten wrote:
>My colleagues and I implemented technology that uses "labeled" SAs
>to enforce mandatory access control on the network. We introduced a
>new security attribute to allow IKE to communicate an opaque
>security label when negotiating an SA. The IPsec DOI (rfc 2407)
>contained a SIT_SECRECY and SIT_INTEGRITY but these were not
>sufficient. I also noticed they are not in IKEv2.
>
>It had been our intention to create an addendum to IPsec DOI and
>receive number from IANA for the security attribute. Thus allowing
>interoperability. But IKEv2 has obsoleted IPsec DOI and IKEv1.
>
>Perhaps it could be considered an addendum to IKEv2, but I am not
>sure if it would be considered a transform type? Any suggestions
>would be greatly appreciated.
>
>regards,
>Joy Latten

RFC 2301 discussed using IPSO labels for mandatory access control, 
but there was so little interest in the community that the discussion 
was removed from 4301. I presume you're using IPSO or CIPSO, right?

Use of security labels would require additions to many parts of 
IPsec, e.g.,  the PAD and SPD, as well as IKE for carriage of labels 
to be used to negotiate child SAs.

Steve
_______________________________________________
IPsec mailing list
IPsec@ietf.org
http://www.ietf.org/mailman/listinfo/ipsec


From ipsec-bounces@ietf.org  Mon Feb  4 12:09:03 2008
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id A98023A7046;
	Mon,  4 Feb 2008 12:09:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.046
X-Spam-Level: 
X-Spam-Status: No, score=-3.046 tagged_above=-999 required=5
	tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_LOW=-1]
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id TpfpCqrYv45e; Mon,  4 Feb 2008 12:09:02 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id C44173A6F53;
	Mon,  4 Feb 2008 12:09:02 -0800 (PST)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id A65383A6F53
	for <ipsec@core3.amsl.com>; Mon,  4 Feb 2008 12:09:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id JlBIUb6gzqjl for <ipsec@core3.amsl.com>;
	Mon,  4 Feb 2008 12:09:00 -0800 (PST)
Received: from brmea-mail-1.sun.com (brmea-mail-1.Sun.COM [192.18.98.31])
	by core3.amsl.com (Postfix) with ESMTP id 482543A6CA9
	for <ipsec@ietf.org>; Mon,  4 Feb 2008 12:09:00 -0800 (PST)
Received: from dm-east-02.east.sun.com ([129.148.13.5])
	by brmea-mail-1.sun.com (8.13.6+Sun/8.12.9) with ESMTP id
	m14KA6W9027591; Mon, 4 Feb 2008 20:10:07 GMT
Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66])
	by dm-east-02.east.sun.com (8.13.8+Sun/8.13.8/ENSMAIL,v2.2) with ESMTP
	id m14KA6cH043268; Mon, 4 Feb 2008 15:10:06 -0500 (EST)
Received: from [IPv6:::1] (localhost [IPv6:::1])
	by thunk.east.sun.com (8.14.2+Sun/8.14.2) with ESMTP id m14KA5Tw013050; 
	Mon, 4 Feb 2008 15:10:05 -0500 (EST)
From: Bill Sommerfeld <sommerfeld@sun.com>
To: Joy Latten <latten@austin.ibm.com>
In-Reply-To: <1201908991.2594.78.camel@faith.austin.ibm.com>
References: <1201908991.2594.78.camel@faith.austin.ibm.com>
Date: Mon, 04 Feb 2008 15:10:05 -0500
Message-Id: <1202155805.12527.3.camel@thunk>
Mime-Version: 1.0
X-Mailer: Evolution 2.12.2 
Cc: ipsec@ietf.org
Subject: Re: [IPsec] question regarding ikev2 rfc
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org

On Fri, 2008-02-01 at 17:36 -0600, Joy Latten wrote:
> My colleagues and I implemented technology that uses "labeled" SAs
> to enforce mandatory access control on the network. We introduced a
> new security attribute to allow IKE to communicate an opaque 
> security label when negotiating an SA. The IPsec DOI (rfc 2407)
> contained a SIT_SECRECY and SIT_INTEGRITY but these were not 
> sufficient. I also noticed they are not in IKEv2.

I'm curious about why you found them insufficient -- I've prototyped
something similar (with sensitivity labels), and IKE v1's SIT_SECRECY
has so far worked for our purposes.

					- Bill




_______________________________________________
IPsec mailing list
IPsec@ietf.org
http://www.ietf.org/mailman/listinfo/ipsec


From ipsec-bounces@ietf.org  Mon Feb  4 12:39:28 2008
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 88B293A70AA;
	Mon,  4 Feb 2008 12:39:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.376
X-Spam-Level: 
X-Spam-Status: No, score=-2.376 tagged_above=-999 required=5 tests=[AWL=0.223,
	BAYES_00=-2.599]
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id UDnXYfq4b7wx; Mon,  4 Feb 2008 12:39:27 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 7A74C3A70A7;
	Mon,  4 Feb 2008 12:39:27 -0800 (PST)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 2AFD43A7046
	for <ipsec@core3.amsl.com>; Mon,  4 Feb 2008 12:39:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from core3.amsl.com ([127.0.0.1])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 8Vb58RiEw5yN for <ipsec@core3.amsl.com>;
	Mon,  4 Feb 2008 12:39:25 -0800 (PST)
Received: from mx12.bbn.com (mx12.bbn.com [128.33.0.81])
	by core3.amsl.com (Postfix) with ESMTP id 3D0B03A7004
	for <ipsec@ietf.org>; Mon,  4 Feb 2008 12:39:25 -0800 (PST)
Received: from dhcp89-089-071.bbn.com ([128.89.89.71])
	by mx12.bbn.com with esmtp (Exim 4.60) (envelope-from <kent@bbn.com>)
	id 1JM87e-00089o-5L; Mon, 04 Feb 2008 15:40:58 -0500
Mime-Version: 1.0
Message-Id: <p0624050dc3cd1ebfc9d4@[128.89.89.71]>
In-Reply-To: <D3CFEF84287B46408A7F0405EE7C5457AD65A5@corvette.eu.tieto.com>
References: <D3CFEF84287B46408A7F0405EE7C5457AD65A5@corvette.eu.tieto.com>
Date: Mon, 4 Feb 2008 15:40:57 -0500
To: <Christian.Kaas-Petersen@tietoenator.com>
From: Stephen Kent <kent@bbn.com>
Cc: ipsec@ietf.org
Subject: Re: [IPsec] RFC 4301 Appendix E on nested SAs
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org

Christian,

The "simple" example in Appendix E does require that the packet from 
C be transport mode. If C is behind B, as indicated in the example, 
then traffic from C ought not be forwarded to A unless it is 
encapsulated in a tunnel from B to A. The example does not describe 
the SPD, SAD, or forwarding tables in B or C, so one cannot see this 
explicitly, but that is the intent.

Your message says "... a packet arriving at A, purported[ly] sent
from C ..." An inbound packet with C as the source and with ESP 
integrity-only protection cannot be processed correctly unless an SA 
(pair) has been established for this transport mode SA. In the course 
of establishing that SA, the IKE process in A verifies C's identity, 
so the packet really must be from C. If the packet is not from C, it 
will fail the integrity check and be discarded.  Hence the term 
"purported" seems inappropriate here.

So, the problem you cite could occur only IF C were not really behind 
B, OR IF B's SPD/SAD is in error (and C is behind B). If C is not 
really behind B, A cannot send any traffic to C, since the forwarding 
table is set to loop back all traffic from A to C, even if it is ESP 
traffic. Only when traffic is sent from A to B (inside the tunnel) is 
it allowed out. This applies to IKE traffic too, so no SA would be 
established between A and C.

The latter case (where C is behind B) is indicative of an error in 
SPD management at B. For example, B must terminate the inbound 
traffic from A (directed to C) received via a tunnel mode SA, and be 
willing to pass the resulting SP traffic to C, for the SA with C to 
be established, yet it must also allow outbound traffic from C to be 
bypassed to A.

You are right that we don't unilaterally protect against this sort of 
error in B's SPD, even though A's outbound traffic to C IS protected 
based on the nested SA configuration. One would have to add 
additional state to SAD entries to be able to tell if a 
IPsec-protected packet that is valid when received within a tunnel 
was, in fact, delivered within the context of the tunnel.  Since 
support for nested SAs was made optional in 4301 (vs. mandatory in 
2301), it didn't seem reasonable to try to add the complexity that 
would be needed to enforce this constraint.  However it might be 
worthwhile noting this in the Appendix, e.g., via an errata.

Steve

_______________________________________________
IPsec mailing list
IPsec@ietf.org
http://www.ietf.org/mailman/listinfo/ipsec
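
Added example (not part of the original message, RFC 4301, or any IPsec implementation): a small model of inbound processing at A for the Appendix E nested-SA case, showing the gap discussed above and the effect of the extra SAD state Steve describes. The field name required_outer_spi, the SPI values and the packets are assumptions constructed for illustration; integrity verification is reduced to a flag.

```python
from dataclasses import dataclass
from typing import Optional, Union


@dataclass(frozen=True)
class Esp:
    """One ESP-protected packet as seen by A."""
    src: str
    dst: str
    spi: int
    payload: Union["Esp", bytes]   # a nested ESP packet or application data
    icv_ok: bool = True            # stands in for the real integrity check


@dataclass(frozen=True)
class SadEntry:
    spi: int
    peer: str                      # peer whose identity IKE verified
    # Hypothetical extra state: SPI of the SA this one must arrive inside.
    required_outer_spi: Optional[int] = None


def process_inbound(pkt, sad, enforce_nesting):
    """Strip every ESP layer and return (verdict, application data)."""
    arrived_via = None             # SPI of the enclosing SA just processed
    while isinstance(pkt, Esp):
        sa = sad.get(pkt.spi)
        if sa is None:
            return ("drop: no SA", None)
        if not pkt.icv_ok or pkt.src != sa.peer:
            return ("drop: integrity", None)
        if (enforce_nesting and sa.required_outer_spi is not None
                and arrived_via != sa.required_outer_spi):
            return ("drop: not delivered inside tunnel", None)
        arrived_via = sa.spi
        pkt = pkt.payload
    return ("accept", pkt)


# Constructed SAD for A: tunnel SA with B, transport SA with C nested in it.
TUNNEL_SPI, TRANSPORT_SPI = 0x1001, 0x2002
SAD_A = {
    TUNNEL_SPI: SadEntry(TUNNEL_SPI, peer="B"),
    TRANSPORT_SPI: SadEntry(TRANSPORT_SPI, peer="C",
                            required_outer_spi=TUNNEL_SPI),
}

# Constructed packets. BARE is genuinely from C (its integrity check passes)
# but reached A outside the tunnel, i.e. the SPD error at B described above.
INNER = Esp(src="C", dst="A", spi=TRANSPORT_SPI, payload=b"app data")
NESTED = Esp(src="B", dst="A", spi=TUNNEL_SPI, payload=INNER)
BARE = INNER

if __name__ == "__main__":
    for name, pkt in (("nested", NESTED), ("bare", BARE)):
        for enforce in (False, True):
            print(name, enforce, process_inbound(pkt, SAD_A, enforce))
```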


From Casper-reywal-a@albasoft.gr  Tue Feb  5 10:38:52 2008
Return-Path: <Casper-reywal-a@albasoft.gr>
X-Original-To: ipsec-archive@lists.ietf.org
Delivered-To: ietfarch-ipsec-archive@mail.ietf.org
Received: by mail.ietf.org (Postfix, from userid 51)
	id 0E06F3A688F; Tue,  5 Feb 2008 10:52:53 -0800 (PST)
Received: from adsl190-28-27-80.epm.net.co (adsl190-28-27-80.epm.net.co [190.28.27.80])
	by mail.ietf.org (Postfix) with ESMTP id 9BF0B28D42F
	for <ipsec-archive@lists.ietf.org>; Tue,  5 Feb 2008 08:22:05 -0800 (PST)
Message-ID: <000601c86813$741b9090$501b1cbe@sergione64ztjs>
From: "Casper luciuk" <Casper-reywal-a@albasoft.gr>
To: ipsec-archive@lists.ietf.org
Subject: She gives me head EVERY night now that I have such a large pecker
Date: Tue, 5 Feb 2008 11:23:34 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="--------=_NextPart_000_0002_01C867E9.8B458890"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

----------=_NextPart_000_0002_01C867E9.8B458890
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Get back your sex life with renewed confidence from our certified pen1s =
enlargements p1lls
----------=_NextPart_000_0002_01C867E9.8B458890
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.3199" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<A href=3D"http://www.lipkustra.com/">Get back your sex life with =
renewed=20
confidence from our certified pen1s enlargements p1lls</A></BODY></HTML>
----------=_NextPart_000_0002_01C867E9.8B458890--


From HeathfurlWhitaker@rollingstone.com  Tue Feb  5 10:42:53 2008
Return-Path: <HeathfurlWhitaker@rollingstone.com>
X-Original-To: ipsec-archive@lists.ietf.org
Delivered-To: ietfarch-ipsec-archive@mail.ietf.org
Received: by mail.ietf.org (Postfix, from userid 51)
	id 4E6593A79DF; Tue,  5 Feb 2008 10:52:48 -0800 (PST)
Received: from teresad4fh6ebz.myhome.westell.com (pool-71-167-75-207.nycmny.east.verizon.net [71.167.75.207])
	by mail.ietf.org (Postfix) with SMTP id B83693A7B2D;
	Mon,  4 Feb 2008 17:50:25 -0800 (PST)
Received: from culpa
 by rollingstone.com with SMTP id WLKJWbJf22
 for <ietf-message-headers-request@lists.ietf.org>; Mon, 4 Feb 2008 20:51:38 +0500
From: "Demetrius Wolf" <HeathfurlWhitaker@rollingstone.com>
To: <ietf-message-headers-request@lists.ietf.org>,
	<ipsec-archive@lists.ietf.org,
	<ipfix-archive@lists.ietf.org,
	<imapext-archive@lists.ietf.org,
	<ipsra-archive@lists.ietf.org
Subject: Get $2400 you download our casino. 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20080205015025.B83693A7B2D@mail.ietf.org>
Date: Mon,  4 Feb 2008 17:50:25 -0800 (PST)

After thatit's only fun and winning. 
   
We pay you to play. 

Relax and have fun with poker, blackjack, roulette, progressive video slots at your own leisure from your couch.

Our safe, secure games will get you smiling when you start seeing dollars pouring in.

http://beartf.cn/



From RobbiedishevelDominguez@luminous-landscape.com  Tue Feb  5 10:43:21 2008
Return-Path: <RobbiedishevelDominguez@luminous-landscape.com>
X-Original-To: ipsec-archive@lists.ietf.org
Delivered-To: ietfarch-ipsec-archive@mail.ietf.org
Received: by mail.ietf.org (Postfix, from userid 51)
	id CBD493A6821; Tue,  5 Feb 2008 10:53:06 -0800 (PST)
Received: from usersb8bff10ff.lan (unknown [190.56.116.155])
	by mail.ietf.org (Postfix) with SMTP id 4E9DF3A7B66;
	Mon,  4 Feb 2008 17:54:40 -0800 (PST)
Message-ID: <389901c86828$8a283310$0301a8c0@usersb8bff10ff>
From: "Efrain Wolf" <RobbiedishevelDominguez@luminous-landscape.com>
To: <ietf-message-headers-request@lists.ietf.org>,
	<ipsec-archive@lists.ietf.org,
	<ipfix-archive@lists.ietf.org,
	<imapext-archive@lists.ietf.org,
	<ipsra-archive@lists.ietf.org
Subject: Start Up Business Loans
Date: Tue, 5 Feb 2008 19:51:45 -0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_3895_01C86828.8A283310"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

This is a multi-part message in MIME format.

------=_NextPart_000_3895_01C86828.8A283310
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

If you have your own business and wish IMMEDIATE money to spend ANY way =
you like or require Extra money to give the company a boost or wish A =
low interest loan - NO STRINGS ATTACHED!
Don't worry about approval... your your credit report will not =
disqualify you!
http://beartb.com.cn/
------=_NextPart_000_3895_01C86828.8A283310
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>=20
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DTimes size=3D3>If you have your own =
business and=20
need IMMEDIATE money to spend ANY way you like or require Extra money to =
give=20
your company a boost or  require A low interest loan - NO STRINGS=20
ATTACHED!</FONT></DIV> =20
<DIV><FONT face=3DTimes size=3D3>Don't worry about =
approval... your=20
credit score will not disqualify you!</FONT></DIV> =20
<DIV><FONT face=3DTimes size=3D3><B><A=20
href=3Dhttp://beartb.com.cn/>http://beartb.com.cn/</A></B></FONT></DIV>
</BODY></HTML>


------=_NextPart_000_3895_01C86828.8A283310--



From constantine@ssl-ttk.com  Tue Feb  5 10:44:50 2008
Return-Path: <constantine@ssl-ttk.com>
X-Original-To: ipsec-archive@lists.ietf.org
Delivered-To: ietfarch-ipsec-archive@mail.ietf.org
Received: by mail.ietf.org (Postfix, from userid 51)
	id DA3713A7A89; Tue,  5 Feb 2008 10:52:57 -0800 (PST)
Received: from dsl-UPwest-static-022.2.246.61.airtelbroadband.in (unknown [61.246.2.22])
	by mail.ietf.org (Postfix) with SMTP id C3FCB3A96B3
	for <ipsec-archive@lists.ietf.org>; Tue,  5 Feb 2008 02:35:37 -0800 (PST)
Received: from [69.237.168.58] (helo=bdegt)
	by dsl-UPwest-static-022.2.246.61.airtelbroadband.in with smtp (Exim 4.62 (FreeBSD))
	id 1JMLIþ-0006Ra-BS; Tue, 5 Feb 2008 16:14:13 +0530
Message-ID: <002e01c867e3$5c6b4470$3aa8ed45@bdegt>
From: <constantine@ssl-ttk.com>
To: <ipsec-archive@lists.ietf.org>
Subject: Brand-trusted blue-pill!
Date: Tue, 5 Feb 2008 16:09:18 +0530
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="windows-1252";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

Life is pleasure with ED enhancers! http://jlo.owndeep.com



From MargodartSheets@bgmod.com  Tue Feb  5 10:45:36 2008
Return-Path: <MargodartSheets@bgmod.com>
X-Original-To: ipsec-archive@lists.ietf.org
Delivered-To: ietfarch-ipsec-archive@mail.ietf.org
Received: by mail.ietf.org (Postfix, from userid 51)
	id 916BF3A6D3F; Tue,  5 Feb 2008 10:37:55 -0800 (PST)
Received: from rick2ec185231a.home (pool-96-233-68-213.bstnma.fios.verizon.net [96.233.68.213])
	by mail.ietf.org (Postfix) with SMTP id CDA503A9A60;
	Tue,  5 Feb 2008 03:24:05 -0800 (PST)
Received: from cauliflower
 by bgmod.com with SMTP id 7YXIK9cbXF
 for <ietf-message-headers-request@lists.ietf.org>; Tue, 5 Feb 2008 06:21:44 +0500
From: "Jodie Woody" <MargodartSheets@bgmod.com>
To: <ietf-message-headers-request@lists.ietf.org>,
	<ipsec-archive@lists.ietf.org,
	<ipfix-archive@lists.ietf.org,
	<imapext-archive@lists.ietf.org,
	<ipsra-archive@lists.ietf.org
Subject: Huge progressive jackpots, slots, multi-hand, and single-hand blackjack.  
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20080205112405.CDA503A9A60@mail.ietf.org>
Date: Tue,  5 Feb 2008 03:24:05 -0800 (PST)

Get $2400 you download our casino. 
   
$2400 welcome bonus will be deposited in your new casino account! 

$2400 welcome bonus will be deposited in your new casino account! 

Get to know your new casino home!

http://bearth.net.cn/



From ron.fleuren@oevermann.com  Tue Feb  5 10:47:18 2008
Return-Path: <ron.fleuren@oevermann.com>
X-Original-To: ipsec-archive@lists.ietf.org
Delivered-To: ietfarch-ipsec-archive@mail.ietf.org
Received: by mail.ietf.org (Postfix, from userid 51)
	id B03403A74FE; Tue,  5 Feb 2008 10:37:46 -0800 (PST)
Received: from 181-230-91-219.static.youtele.com (unknown [219.91.230.181])
	by mail.ietf.org (Postfix) with SMTP id 9EC283A890C
	for <ipsec-archive@lists.ietf.org>; Mon,  4 Feb 2008 22:37:00 -0800 (PST)
Received: (qmail 4321 invoked from network); Tue, 5 Feb 2008 12:18:02 +0530
Received: from unknown (HELO zpc) (205.233.239.217)
	by 181-230-91-219.static.youtele.com with SMTP; Tue, 5 Feb 2008 12:18:02 +0530
Message-ID: <001f01c867c3$0dd314c0$d9efe9cd@zpc>
From: <ron.fleuren@oevermann.com>
To: <ipsec-archive@lists.ietf.org>
Subject: A Rose for My Love
Date: Tue, 5 Feb 2008 12:18:02 +0530
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="windows-1252";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

Sending You My Love http://218.4.251.194/



From MorrissecretariatShelton@theautochannel.com  Tue Feb  5 10:49:31 2008
Return-Path: <MorrissecretariatShelton@theautochannel.com>
X-Original-To: ipsec-archive@lists.ietf.org
Delivered-To: ietfarch-ipsec-archive@mail.ietf.org
Received: by mail.ietf.org (Postfix, from userid 51)
	id E31603A6F34; Tue,  5 Feb 2008 10:37:57 -0800 (PST)
Received: from clonplusultra.lan (unknown [201.245.240.48])
	by mail.ietf.org (Postfix) with SMTP id A36FC3A7575;
	Mon,  4 Feb 2008 15:37:48 -0800 (PST)
Received: from godlike
 by theautochannel.com with SMTP id rPeoTGTI6N
 for <ietf-message-headers-request@lists.ietf.org>; Mon, 4 Feb 2008 18:38:54 +0500
From: "Ken Caldwell" <MorrissecretariatShelton@theautochannel.com>
To: <ietf-message-headers-request@lists.ietf.org>
Subject: How about a $2400 welcome bonus
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20080204233748.A36FC3A7575@mail.ietf.org>
Date: Mon,  4 Feb 2008 15:37:48 -0800 (PST)

Huge progressive jackpots, slots, multi-hand, and single-hand blackjack. 
   
After thatit's only fun and winning. 

We're serious about fun. 

After thatit's only fun and winning. 

http://flybza.com.cn/



From IvantumultuousGraves@transmission.cc  Tue Feb  5 10:51:30 2008
Return-Path: <IvantumultuousGraves@transmission.cc>
X-Original-To: ipsec-archive@lists.ietf.org
Delivered-To: ietfarch-ipsec-archive@mail.ietf.org
Received: by mail.ietf.org (Postfix, from userid 51)
	id 593333A6ABE; Tue,  5 Feb 2008 10:52:49 -0800 (PST)
Received: from lino.lan (unknown [190.166.86.64])
	by mail.ietf.org (Postfix) with SMTP id B407B28D3AA;
	Tue,  5 Feb 2008 08:14:56 -0800 (PST)
Received: from maloney
 by transmission.cc with SMTP id fxMx3eNw75
 for <ietf-message-headers-request@lists.ietf.org>; Tue, 5 Feb 2008 17:16:09 -0100
From: "Clifton Graves" <IvantumultuousGraves@transmission.cc>
To: <ietf-message-headers-request@lists.ietf.org>
Subject: USA players too! Download and GO!
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20080205161456.B407B28D3AA@mail.ietf.org>
Date: Tue,  5 Feb 2008 08:14:56 -0800 (PST)

Download our casino in 20 seconds to get $2400 richer when you join. 
   
Your own privater Vegas! 

After thatit's only fun and winning. 

Travel no further than your screen and get your free $2400  

http://beartj.com.cn/



From bhavaniarun@yahoo.com  Tue Feb  5 10:53:16 2008
Return-Path: <bhavaniarun@yahoo.com>
X-Original-To: ipsec-archive@lists.ietf.org
Delivered-To: ietfarch-ipsec-archive@mail.ietf.org
Received: by mail.ietf.org (Postfix, from userid 51)
	id D2ED43A6D85; Tue,  5 Feb 2008 10:52:47 -0800 (PST)
Received: from c-76-30-224-53.hsd1.tx.comcast.net (c-76-30-224-53.hsd1.tx.comcast.net [76.30.224.53])
	by mail.ietf.org (Postfix) with ESMTP id 240103A7FE6
	for <ipsec-archive@lists.ietf.org>; Mon,  4 Feb 2008 19:15:27 -0800 (PST)
Message-ID: <000901c867a5$0795634b$ed1121b9@byvdoidr>
From: "hector caspar" <bhavaniarun@yahoo.com>
To: "Bonita Kraft" <ipsec-archive@lists.ietf.org>
Subject: perfectly crafted exclusive watches rolex
Date: Tue, 05 Feb 2008 01:29:47 +0000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

The finest of luxury timepieces at the LOWEST prices!!

http://movacanunga.com/



From ipsec-bounces@ietf.org  Wed Feb 13 00:40:40 2008
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 4E22228C731;
	Wed, 13 Feb 2008 00:40:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.229
X-Spam-Level: 
X-Spam-Status: No, score=-1.229 tagged_above=-999 required=5
	tests=[AWL=-0.792, BAYES_00=-2.599, FH_RELAY_NODNS=1.451,
	HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 08zWIoUIvg1V; Wed, 13 Feb 2008 00:40:36 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 5C9EC28C6F0;
	Wed, 13 Feb 2008 00:40:35 -0800 (PST)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id C55AA28C27A;
	Wed, 13 Feb 2008 00:40:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id HE43m1VUC2B3; Wed, 13 Feb 2008 00:40:33 -0800 (PST)
Received: from mgw-mx06.nokia.com (smtp.nokia.com [192.100.122.233])
	by core3.amsl.com (Postfix) with ESMTP id A663A28C394;
	Wed, 13 Feb 2008 00:40:32 -0800 (PST)
Received: from esebh107.NOE.Nokia.com (esebh107.ntc.nokia.com [172.21.143.143])
	by mgw-mx06.nokia.com (Switch-3.2.6/Switch-3.2.6) with ESMTP id
	m1D8frNR030578; Wed, 13 Feb 2008 10:41:53 +0200
Received: from esebh104.NOE.Nokia.com ([172.21.143.34]) by
	esebh107.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Wed, 13 Feb 2008 10:41:52 +0200
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by
	esebh104.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); 
	Wed, 13 Feb 2008 10:41:52 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Wed, 13 Feb 2008 10:41:51 +0200
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F240541E55E@esebe105.NOE.Nokia.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Update for ikev2-ipv6-config draft
Thread-Index: AchuHEdhVZlP14l1SVOMEXeOKcj+Nw==
From: <Pasi.Eronen@nokia.com>
To: <ipv6@ietf.org>
X-OriginalArrivalTime: 13 Feb 2008 08:41:52.0544 (UTC)
	FILETIME=[47F50A00:01C86E1C]
X-Nokia-AV: Clean
Cc: ipsec@ietf.org
Subject: [IPsec] Update for ikev2-ipv6-config draft
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org

Hi,

I have posted a new version of the ikev2-ipv6-config draft
(http://tools.ietf.org/id/draft-eronen-ipsec-ikev2-ipv6-config)
which incorporates some new ideas based on good discussions
in Vancouver (Hemant and Dave, thanks!).

In particular, Section 5 has new text discussing the most important
design choices to be made, and Appendix A has additional solution
sketches for several design choice combinations.

Section 6 still proposes the same solution as in draft version -01;
that is, point-to-point link model where prefixes are assigned in
IKEv2 configuration payloads, and access control is enforced by 
IPsec (traffic selectors in SAD/SPD). To me this seems to be the 
simplest solution -- however, the additional sketches in Appendix A 
should make it easier to compare different alternatives; and 
comments about them would be especially welcome!

Best regards,
Pasi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
http://www.ietf.org/mailman/listinfo/ipsec


From ipsec-bounces@ietf.org  Wed Feb 13 10:07:15 2008
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 15AD428C90B;
	Wed, 13 Feb 2008 10:07:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.872
X-Spam-Level: 
X-Spam-Status: No, score=-0.872 tagged_above=-999 required=5
	tests=[AWL=-0.435, BAYES_00=-2.599, FH_RELAY_NODNS=1.451,
	HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id O729TzdxPEse; Wed, 13 Feb 2008 10:07:14 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 1E3F828C916;
	Wed, 13 Feb 2008 10:07:14 -0800 (PST)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id D042028C916
	for <ipsec@core3.amsl.com>; Wed, 13 Feb 2008 10:07:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id mBlBz3xEd5UL for <ipsec@core3.amsl.com>;
	Wed, 13 Feb 2008 10:07:12 -0800 (PST)
Received: from brmea-mail-2.sun.com (brmea-mail-2.Sun.COM [192.18.98.43])
	by core3.amsl.com (Postfix) with ESMTP id EDD5428C90B
	for <ipsec@ietf.org>; Wed, 13 Feb 2008 10:07:11 -0800 (PST)
Received: from dm-east-02.east.sun.com ([129.148.13.5])
	by brmea-mail-2.sun.com (8.13.6+Sun/8.12.9) with ESMTP id
	m1DI8YeC014176 for <ipsec@ietf.org>; Wed, 13 Feb 2008 18:08:35 GMT
Received: from everywhere.east.sun.com (everywhere.East.Sun.COM [129.148.19.2])
	by dm-east-02.east.sun.com (8.13.8+Sun/8.13.8/ENSMAIL,
	v2.2) with ESMTP id m1DI8Ykb062145
	for <ipsec@ietf.org>; Wed, 13 Feb 2008 13:08:34 -0500 (EST)
Received: from everywhere.east.sun.com (localhost [127.0.0.1])
	by everywhere.east.sun.com (8.14.2+Sun/8.14.2) with ESMTP id
	m1DI12NQ004768
	for <ipsec@ietf.org>; Wed, 13 Feb 2008 13:01:02 -0500 (EST)
Received: (from danmcd@localhost)
	by everywhere.east.sun.com (8.14.2+Sun/8.14.2/Submit) id m1DI12wp004767
	for ipsec@ietf.org; Wed, 13 Feb 2008 13:01:02 -0500 (EST)
X-Authentication-Warning: everywhere.east.sun.com: danmcd set sender to
	danmcd@sun.com using -f
Date: Wed, 13 Feb 2008 13:01:02 -0500
From: Dan McDonald <danmcd@sun.com>
To: ipsec@ietf.org
Message-ID: <20080213180102.GD4501@sun.com>
MIME-Version: 1.0
Content-Disposition: inline
Organization: Sun Microsystems, Inc. - Solaris Networking & Security
User-Agent: Mutt/1.5.17 (2007-11-01)
Subject: [IPsec] Request for Interop --> HMAC-SHA2 ala. RFC 4868
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org

Anyone out there with working code for HMAC-SHA2 (esp. 384 and 512) per RFC
4868?  I'm running into problems with 384 especially, and the only
implementation to which I have easy access (MacOS X 10.5.2) doesn't even
interoperate with SHA-512, and does 12-byte hashes instead of div-by-2
hashes.

I can work around the truncation easily, but I'd like to know someone's got
actual working code which I can interoperate against.

Thanks,
Dan
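
The truncation mismatch described in the message above (12-byte ICVs versus the half-length ICVs of RFC 4868), shown as an added example that is not part of the original message or of any implementation named in it. The function names, the sample key and the sample payload are constructed for illustration.

```python
import hashlib
import hmac

# RFC 4868 parameters in bytes: name -> (hash name, key length, ICV length).
# The ICV is the leftmost half of the HMAC output ("div-by-2" truncation).
RFC4868 = {
    "HMAC-SHA-256-128": ("sha256", 32, 16),
    "HMAC-SHA-384-192": ("sha384", 48, 24),
    "HMAC-SHA-512-256": ("sha512", 64, 32),
}
LEGACY_ICV_LEN = 12  # 96-bit truncation, as in HMAC-SHA-1-96


def full_mac(alg, key, data):
    """Untruncated HMAC, enforcing the RFC 4868 key length for alg."""
    hash_name, key_len, _ = RFC4868[alg]
    if len(key) != key_len:
        raise ValueError(f"{alg} needs a {key_len}-byte key, got {len(key)}")
    return hmac.new(key, data, hash_name).digest()


def icv(alg, key, data, icv_len=None):
    """ICV as placed on the wire; icv_len overrides the RFC 4868 length."""
    n = RFC4868[alg][2] if icv_len is None else icv_len
    return full_mac(alg, key, data)[:n]


def append_icv(alg, key, data, icv_len=None):
    """Sender side: authenticated bytes followed by the trailing ICV."""
    return data + icv(alg, key, data, icv_len)


def verify_packet(alg, key, packet, icv_len=None):
    """Receiver side: split off the last icv_len bytes and check them."""
    n = RFC4868[alg][2] if icv_len is None else icv_len
    if len(packet) <= n:
        return False
    data, received = packet[:-n], packet[-n:]
    return hmac.compare_digest(icv(alg, key, data, n), received)


def diagnose(alg, key, packet):
    """Interop debugging aid: which truncation did the peer apply?

    For lab use only. A production receiver checks the negotiated length
    and nothing else, since accepting a shorter ICV weakens forgery
    resistance.
    """
    if verify_packet(alg, key, packet):
        return "ok"
    if verify_packet(alg, key, packet, LEGACY_ICV_LEN):
        return "peer-truncates-to-96-bits"
    digest_size = hashlib.new(RFC4868[alg][0]).digest_size
    if verify_packet(alg, key, packet, digest_size):
        return "peer-sends-untruncated-mac"
    return "mac-mismatch"


# Constructed sample input: an arbitrary key and payload, not a real SA.
SAMPLE_KEY_384 = bytes(range(48))
SAMPLE_PAYLOAD = b"constructed ESP header and ciphertext"


def demo():
    """Run the three cases for HMAC-SHA-384-192 on the constructed sample."""
    alg = "HMAC-SHA-384-192"
    good = append_icv(alg, SAMPLE_KEY_384, SAMPLE_PAYLOAD)
    short = append_icv(alg, SAMPLE_KEY_384, SAMPLE_PAYLOAD, LEGACY_ICV_LEN)
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])
    return {
        "rfc4868_icv_len": len(good) - len(SAMPLE_PAYLOAD),
        "rfc4868_peer": diagnose(alg, SAMPLE_KEY_384, good),
        "96_bit_peer": diagnose(alg, SAMPLE_KEY_384, short),
        "tampered": diagnose(alg, SAMPLE_KEY_384, tampered),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A peer that truncates to 12 bytes fails the normal check because the receiver strips the wrong number of trailing bytes, so the MAC is computed over the wrong span even though both sides share the key.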


From ipsec-bounces@ietf.org  Wed Feb 13 16:38:20 2008
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 788463A6FF7;
	Wed, 13 Feb 2008 16:38:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.464
X-Spam-Level: 
X-Spam-Status: No, score=-2.464 tagged_above=-999 required=5
	tests=[AWL=-2.027, BAYES_00=-2.599, FH_RELAY_NODNS=1.451,
	HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id F-sOd2hZeC42; Wed, 13 Feb 2008 16:38:19 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 578323A6FFA;
	Wed, 13 Feb 2008 16:38:19 -0800 (PST)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id A43643A6FFA
	for <ipsec@core3.amsl.com>; Wed, 13 Feb 2008 16:38:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 5D32YaDNltJD for <ipsec@core3.amsl.com>;
	Wed, 13 Feb 2008 16:38:16 -0800 (PST)
Received: from e34.co.us.ibm.com (e34.co.us.ibm.com [32.97.110.152])
	by core3.amsl.com (Postfix) with ESMTP id 721F53A6FF7
	for <ipsec@ietf.org>; Wed, 13 Feb 2008 16:38:16 -0800 (PST)
Received: from d03relay02.boulder.ibm.com (d03relay02.boulder.ibm.com
	[9.17.195.227])
	by e34.co.us.ibm.com (8.13.8/8.13.8) with ESMTP id m1E0dSnR017336
	for <ipsec@ietf.org>; Wed, 13 Feb 2008 19:39:28 -0500
Received: from d03av02.boulder.ibm.com (d03av02.boulder.ibm.com [9.17.195.168])
	by d03relay02.boulder.ibm.com (8.13.8/8.13.8/NCO v8.7) with ESMTP id
	m1E0dRr5206920 for <ipsec@ietf.org>; Wed, 13 Feb 2008 17:39:27 -0700
Received: from d03av02.boulder.ibm.com (loopback [127.0.0.1])
	by d03av02.boulder.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id
	m1E0dRLf024102 for <ipsec@ietf.org>; Wed, 13 Feb 2008 17:39:27 -0700
Received: from austin.ibm.com (netmail2.austin.ibm.com [9.41.248.176])
	by d03av02.boulder.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id
	m1E0dRm2024084; Wed, 13 Feb 2008 17:39:27 -0700
Received: from faith.austin.ibm.com (faith.austin.ibm.com [9.53.40.35])
	by austin.ibm.com (8.13.8/8.12.10) with ESMTP id m1E0dPuS072524;
	Wed, 13 Feb 2008 18:39:25 -0600
Received: from faith.austin.ibm.com (localhost.localdomain [127.0.0.1])
	by faith.austin.ibm.com (8.13.4/8.12.8) with ESMTP id m1E0awpS011046;
	Wed, 13 Feb 2008 18:36:58 -0600
Received: (from jml@localhost)
	by faith.austin.ibm.com (8.13.4/8.13.4/Submit) id m1E0avhF011044;
	Wed, 13 Feb 2008 18:36:57 -0600
Date: Wed, 13 Feb 2008 18:36:57 -0600
From: Joy Latten <latten@austin.ibm.com>
Message-Id: <200802140036.m1E0avhF011044@faith.austin.ibm.com>
To: kent@bbn.com
Cc: ipsec@ietf.org, sommerfeld@sun.com, ynir@checkpoint.com
Subject: Re: [IPsec] question regarding ikev2 rfc
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org

I apologize for the delay in my response.

>>My colleagues and I implemented technology that uses "labeled" SAs
>>to enforce mandatory access control on the network. We introduced a
>>new security attribute to allow IKE to communicate an opaque
>>security label when negotiating an SA. The IPsec DOI (rfc 2407)
>>contained a SIT_SECRECY and SIT_INTEGRITY but these were not
>>sufficient. I also noticed they are not in IKEv2.
>>
>>It had been our intention to create an addendum to IPsec DOI and
>>receive number from IANA for the security attribute. Thus allowing
>>interoperability. But IKEv2 has obsoleted IPsec DOI and IKEv1.
>>
>>Perhaps it could be considered an addendum to IKEv2, but I am not
>>sure if it would be considered a transform type? Any suggestions
>>would be greatly appreciated.
>>
>RFC 2301 discussed using IPSO labels for mandatory access control, 
>but there was so little interest in the community that the discussion 
>was removed from 4301. I presume you're using IPSO or CIPSO, right?
>
We are not using IPSO or CIPSO. My underlying security 
mechanism is SELinux which uses type enforcement, RBAC, and 
multi-level security to enforce MAC. All objects and subjects
within the OS are labeled.  The security label is a string
formatted as  user:role:type:sensitivity-level.

CIPSO accommodated the sensitivity level, but not the entire
SELinux label.  Thus, we extended ISAKMP/IPsec DOI to
include an attribute that negotiated a security label string.
We tried to make this an "opaque blob" to IKE such that different
security mechanisms can utilize it.

We do not communicate, but negotiate the label. If the label
is not an acceptable one for the responder, then negotiation ends.
However, this requires communication with the kernel or underlying
security mechanism to determine. (Big hack and needs better solution.)
This way, inbound processing only needs the SPI to pull
up the correct SA. This is different from 2401, which says for inbound processing,
you SHOULD first check the packet's label (as defined in SA) against
the interface's label for validity.

>Use of security labels would require additions to many parts of 
>IPsec, e.g.,  the PAD and SPD, as well as IKE for carriage of labels 
>to be used to negotiate child SAs.

Yes, I understand. Our implementation referenced
the older set of RFCs and the internet-draft I'd started was an
addendum to ISAKMP/IPsec DOI, which are obsoleted by IKEv2. 
I'd be happy to do an internet-draft or to assist someone else.
We used this feature in IPsec to acquire LSPP certification
and others have indicated interest, especially since it
accommodates IPv6 too.

I have included a pointer to a very high level design description.
It is a little out-dated and references the Linux kernel,
but provides a basic description if anyone is interested. 
http://www.cse.psu.edu/~tjaeger/papers/securecomm06.pdf

regards,
Joy 


From ipsec-bounces@ietf.org  Thu Feb 14 18:21:56 2008
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id DB8543A70B4;
	Thu, 14 Feb 2008 18:21:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.705
X-Spam-Level: 
X-Spam-Status: No, score=-0.705 tagged_above=-999 required=5
	tests=[AWL=-0.268, BAYES_00=-2.599, FH_RELAY_NODNS=1.451,
	HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id GkjffJTLGx47; Thu, 14 Feb 2008 18:21:55 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 4ED353A6D45;
	Thu, 14 Feb 2008 18:21:45 -0800 (PST)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 0ACAE3A69BB
	for <ipsec@core3.amsl.com>; Thu, 14 Feb 2008 18:21:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id MMT6UAryMZBn for <ipsec@core3.amsl.com>;
	Thu, 14 Feb 2008 18:21:43 -0800 (PST)
Received: from balder-227.proper.com (Balder-227.Proper.COM [192.245.12.227])
	by core3.amsl.com (Postfix) with ESMTP id 17EC33A7102
	for <ipsec@ietf.org>; Thu, 14 Feb 2008 18:19:09 -0800 (PST)
Received: from [10.20.30.162] (dsl-63-249-108-169.cruzio.com [63.249.108.169])
	(authenticated bits=0)
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id m1F2KRYt063393
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <ipsec@ietf.org>; Thu, 14 Feb 2008 19:20:29 -0700 (MST)
	(envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p0624080ec3daa74ceffd@[10.20.30.162]>
Date: Thu, 14 Feb 2008 18:20:19 -0800
To: IPsec WG <ipsec@ietf.org>
From: rfc-editor@rfc-editor.org
Subject: [IPsec] RFC 5106 on The Extensible Authentication Protocol-Internet
 Key Exchange Protocol version 2 (EAP-IKEv2) Method
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org


A new Request for Comments is now available in online RFC libraries.


         RFC 5106

         Title:      The Extensible Authentication Protocol-Internet Key
                     Exchange Protocol version 2 (EAP-IKEv2) Method
         Author:     H. Tschofenig, D. Kroeselberg,
                     A. Pashalidis, Y. Ohba,
                     F. Bersani
         Status:     Experimental
         Date:       February 2008
         Mailbox:    Hannes.Tschofenig@nsn.com,
                     Dirk.Kroeselberg@nsn.com,
                     pashalidis@nw.neclab.eu,  yohba@tari.toshiba.com,
                     florent.ftrd@gmail.com
         Pages:      33
         Characters: 76645
         Updates/Obsoletes/SeeAlso:   None

         I-D Tag:    draft-tschofenig-eap-ikev2-15.txt

         URL:        http://www.rfc-editor.org/rfc/rfc5106.txt

This document specifies EAP-IKEv2, an Extensible Authentication
Protocol (EAP) method that is based on the Internet Key Exchange
(IKEv2) protocol.  EAP-IKEv2 provides mutual authentication and
session key establishment between an EAP peer and an EAP server.  It
supports authentication techniques that are based on passwords,
high-entropy shared keys, and public key certificates.  EAP-IKEv2
further provides support for cryptographic ciphersuite negotiation, hash
function agility, identity confidentiality (in certain modes of
operation), fragmentation, and an optional "fast reconnect" mode.  This
memo defines an Experimental Protocol for the Internet community.


EXPERIMENTAL: This memo defines an Experimental Protocol for the Internet
community. It does not specify an Internet standard of any kind. Discussion
and suggestions for improvement are requested.  Distribution of this memo
is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG.  Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body

help: ways_to_get_rfcs. For example:

         To: rfc-info@RFC-EDITOR.ORG
         Subject: getting rfcs

         help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.


The RFC Editor Team
USC/Information Sciences Institute

...


From ipsec-bounces@ietf.org  Wed Feb 20 10:09:51 2008
Return-Path: <ipsec-bounces@ietf.org>
X-Original-To: ietfarch-ipsec-archive@core3.amsl.com
Delivered-To: ietfarch-ipsec-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 0BCF728C802;
	Wed, 20 Feb 2008 10:09:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.517
X-Spam-Level: 
X-Spam-Status: No, score=-1.517 tagged_above=-999 required=5
	tests=[AWL=-1.080, BAYES_00=-2.599, FH_RELAY_NODNS=1.451,
	HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 5Q9puiZQeIiS; Wed, 20 Feb 2008 10:09:50 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id 1FEFB28C657;
	Wed, 20 Feb 2008 10:09:50 -0800 (PST)
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by core3.amsl.com (Postfix) with ESMTP id E420628C8F2
	for <ipsec@core3.amsl.com>; Wed, 20 Feb 2008 10:09:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32])
	by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id EBt4VTRk4WVG for <ipsec@core3.amsl.com>;
	Wed, 20 Feb 2008 10:09:38 -0800 (PST)
Received: from balder-227.proper.com (Balder-227.Proper.COM [192.245.12.227])
	by core3.amsl.com (Postfix) with ESMTP id 9A4AA28C657
	for <ipsec@ietf.org>; Wed, 20 Feb 2008 10:09:38 -0800 (PST)
Received: from [10.20.30.162] (dsl-63-249-108-169.cruzio.com [63.249.108.169])
	(authenticated bits=0)
	by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id m1KI9YiK033164
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <ipsec@ietf.org>; Wed, 20 Feb 2008 11:09:35 -0700 (MST)
	(envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p0624080fc3e21d30722d@[10.20.30.162]>
Date: Wed, 20 Feb 2008 10:09:31 -0800
To: IPsec WG <ipsec@ietf.org>
From: Internet-Drafts@ietf.org
Subject: [IPsec] I-D ACTION:draft-black-ipsec-ikev2-aead-modes-00.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts
directories.


	Title		: Using Authenticated Encryption Algorithms with the
			  Encrypted Payload of the Internet Key Exchange
			  version 2 (IKEv2) Protocol
	Author(s)	: D. Black, D. McGrew
	Filename	: draft-black-ipsec-ikev2-aead-modes-00.txt
	Pages		: 14
	Date		: 2008-2-15

An authenticated encryption algorithm combines encryption and
    integrity into a single operation; such algorithms may also be
    referred to as combined modes of an encryption cipher or as combined
    mode algorithms.  This document describes the use of authenticated
    encryption algorithms with the Encrypted Payload of the Internet Key
    Exchange version 2 (IKEv2) protocol.

    The use of two specific authenticated encryption algorithms with the
    IKEv2 Encrypted Payload is also described; these two algorithms are
    the Advanced Encryption Standard (AES) in Galois/Counter Mode (AES
    GCM) and AES in Counter with CBC-MAC Mode (AES CCM).  Additional
    documents may describe use of other authenticated encryption
    algorithms with the IKEv2 Encrypted Payload.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-black-ipsec-ikev2-aead-modes-00.txt



From ipsec-bounces@ietf.org  Mon Feb 25 14:36:16 2008
Message-Id: <p06240818c3e8ebd3435e@[10.20.30.152]>
Date: Mon, 25 Feb 2008 14:05:46 -0800
To: IPsec WG <ipsec@ietf.org>
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: [IPsec] Fwd: I-D Action:draft-hoffman-ikev2bis-03.txt

>A New Internet-Draft is available from the on-line Internet-Drafts 
>directories.
>
>	Title           : Internet Key Exchange Protocol: IKEv2
>	Author(s)       : C. Kaufman, et al.
>	Filename        : draft-hoffman-ikev2bis-03.txt
>	Pages           : 129
>	Date            : 2008-02-25
>
>This document describes version 2 of the Internet Key Exchange (IKE)
>protocol.  It is a restatement of RFC 4306, and includes all of the
>clarifications from RFC 4718.
>
>A URL for this Internet-Draft is:
>http://www.ietf.org/internet-drafts/draft-hoffman-ikev2bis-03.txt

This version has a bunch of changes, some significant. Please read 
the change log at the end of the document for a list.

We are always seeking comments, particularly from new IKEv2 
developers (old developers are of course welcome to say what they 
just discovered...).

--Paul Hoffman, Director
--VPN Consortium


From ipsec-bounces@ietf.org  Mon Feb 25 17:23:41 2008
Message-ID: <47C35FD5.1060106@po.ntts.co.jp>
Date: Tue, 26 Feb 2008 09:39:49 +0900
From: KATO Akihiro <akato@po.ntts.co.jp>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: ipsec@ietf.org
Cc: Tero Kivinen <kivinen@iki.fi>
Subject: [IPsec] [Fwd: New Version Notification for
	draft-kato-ipsec-camellia-cmac96and128-02]

Hi all,

I've posted a new revision of draft-kato-ipsec-camellia-cmac96and128.
This version is updated based on comment by Tero Kivinen (Thank you for
reviewing).

I summarize the modifications.

1 Modify section 5. suitable to section 2.14 of 
draft-hoffman-ikev2bis-02 (Oops updated -03)
    -> Remove fixed size keying material description for PRF
    -> Declare preferred key length.
2 Reconstruct suitable references
3 Fixed some editorial NITs

Comments about our document would be welcome.

-------- Original Message --------
Subject: New Version Notification for
draft-kato-ipsec-camellia-cmac96and128-02
Date: Mon, 25 Feb 2008 01:51:26 -0800 (PST)
From: IETF I-D Submission Tool <idsubmission@ietf.org>
To: akato@po.ntts.co.jp
CC: kanda.masayuki@lab.ntt.co.jp, iwata@cse.nagoya-u.ac.jp


A new version of I-D, draft-kato-ipsec-camellia-cmac96and128-02.txt has
been successfully submitted by
Akihiro Kato and posted to the IETF repository.

Filename:	 draft-kato-ipsec-camellia-cmac96and128
Revision:	 02
Title:		 The Camellia-CMAC-96 and Camellia-CMAC-PRF-128 Algorithms and
Its Use with IPsec
Creation_date:	 2008-02-25
WG ID:		 Independent Submission
Number_of_pages: 22

Abstract:
This memo specifies two new algorithms.  One is the usage of Cipher-
based Message Authentication Code (CMAC) with Camellia block cipher
on the authentication mechanism of the IPsec Encapsulating Security
Payload and Authentication Header protocols.  This algorithm is
called Camellia-CMAC-96.  Latter is pseudo-random function based on
CMAC with Camellia block cipher for Internet Key Exchange.  This
algorithm is called Camellia-CMAC-PRF-128.




The IETF Secretariat.




-- 
- KATO Akihiro
  + NTT Software Corporation



From ipsec-bounces@ietf.org  Tue Feb 26 12:48:52 2008
From: Joy Latten <latten@austin.ibm.com>
To: ipsec@ietf.org
Date: Tue, 26 Feb 2008 14:45:23 -0600
Message-Id: <1204058724.2461.7.camel@faith.austin.ibm.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.3 (2.2.3-2.fc4) 
Cc: tchicks@us.ibm.com
Subject: [IPsec] PFP flag in rfc 4301

RFC 4301 describes the Populate-from-Packet feature.
I could not readily determine if it is something an SPD
or IPsec implementation MUST have or SHOULD have?

regards,
Joy


From ipsec-bounces@ietf.org  Tue Feb 26 13:00:04 2008
Message-ID: <77ead0ec0802261259i3c56505am74f3b3ec9b220f2c@mail.gmail.com>
Date: Tue, 26 Feb 2008 12:59:55 -0800
From: "Vishwas Manral" <vishwas.ietf@gmail.com>
To: "Joy Latten" <latten@austin.ibm.com>
In-Reply-To: <1204058724.2461.7.camel@faith.austin.ibm.com>
MIME-Version: 1.0
Content-Disposition: inline
References: <1204058724.2461.7.camel@faith.austin.ibm.com>
Cc: ipsec@ietf.org, tchicks@us.ibm.com
Subject: Re: [IPsec] PFP flag in rfc 4301

Hi Joy,

In my view, as PFP is not a signaled element, we do not support PFP if
the implementation does not require it. It is a local matter of a
particular application.

RFC4301 states:
   The form of the database and its interface are outside the
   scope of this specification. However, this section specifies minimum
   management functionality that must be provided, to allow a user or
   system administrator to control whether and how IPsec is applied to
   traffic transmitted or received by a host or transiting a security
   gateway.

So in my view, depending on the implementation, you could or could not support PFP.

Thanks,
Vishwas

On Tue, Feb 26, 2008 at 12:45 PM, Joy Latten <latten@austin.ibm.com> wrote:
> RFC 4301 describes the Populate-from-Packet feature.
>  I could not readily determine if it is something an SPD
>  or IPsec implementation MUST have or SHOULD have?
>
>  regards,
>  Joy


From ipsec-bounces@ietf.org  Tue Feb 26 18:45:29 2008
Message-Id: <p0624050ec3ea7c8c6279@[169.223.13.71]>
In-Reply-To: <1204058724.2461.7.camel@faith.austin.ibm.com>
References: <1204058724.2461.7.camel@faith.austin.ibm.com>
Date: Tue, 26 Feb 2008 21:45:24 -0500
To: Joy Latten <latten@austin.ibm.com>
From: Stephen Kent <kent@bbn.com>
Cc: ipsec@ietf.org, tchicks@us.ibm.com
Subject: Re: [IPsec] PFP flag in rfc 4301

At 2:45 PM -0600 2/26/08, Joy Latten wrote:
>RFC 4301 describes the Populate-from-Packet feature.
>I could not readily determine if it is something an SPD
>or IPsec implementation MUST have or SHOULD have?
>
>regards,
>Joy

PFP is part of the description of an SPD entry. 4301 does not mandate
a specific SPD entry format, BUT it does require that a compliant
implementation be able to operate as though the SPD is implemented as
defined in the SPD model. So, for example, if your implementation
offers a way to configure the SPD to trigger creation of a different
SA for each TCP connection between the same 2 IP addresses, a feature
that PFP allows, then you would probably be compliant. If not,
then you are not.

Steve

P.S. Vishwas's observation that "In my view as PFP is not a signaled
element, we do not support PFP if the implementation does not require
it." is not correct.  Many aspects of the SPD/SAD model defined in
4301 are not signalled explicitly. The criterion for conformance is
how the implementation behaves, not only as seen by a peer, but also
as seen by a user/app.


From ipsec-bounces@ietf.org  Tue Feb 26 19:21:09 2008
Date: Tue, 26 Feb 2008 21:58:25 -0500
From: Dan McDonald <danmcd@sun.com>
To: Stephen Kent <kent@bbn.com>
Message-ID: <20080227025825.GL1594@sun.com>
References: <1204058724.2461.7.camel@faith.austin.ibm.com>
	<p0624050ec3ea7c8c6279@[169.223.13.71]>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <p0624050ec3ea7c8c6279@[169.223.13.71]>
Organization: Sun Microsystems, Inc. - Solaris Networking & Security
User-Agent: Mutt/1.5.17 (2007-11-01)
Cc: ipsec@ietf.org, tchicks@us.ibm.com, Joy Latten <latten@austin.ibm.com>
Subject: Re: [IPsec] PFP flag in rfc 4301

On Tue, Feb 26, 2008 at 09:45:24PM -0500, Stephen Kent wrote:
> PFP is part of the description of an SPD entry. 4301 does not mandate
> a specific SPD entry format, BUT it does require that a compliant
> implementation be able to operate as though the SPD is implemented as
> defined in the SPD model. So, for example, if your implementation
> offers a way to configure the SPD to trigger creation of a different
> SA for each TCP connection between the same 2 IP addresses, a feature
> that PFP allows, then you would probably be compliant. If not,
> then you are not.

<plug>

Those in the audience who wish to see an example, please check out the "sa
unique" keyword pair in OpenSolaris's ipsecconf(1M) command, and look for
"unique" in various bits of IPsec SPD code in the OpenSolaris kernel.

</plug>

Dan


From ipsec-bounces@ietf.org  Wed Feb 27 00:29:56 2008
Message-Id: <06F60E10-1728-4E12-B8EF-C15021A9FEE3@checkpoint.com>
From: Yoav Nir <ynir@checkpoint.com>
To: ipsec@ietf.org
In-Reply-To: <p0624050ec3ea7c8c6279@[169.223.13.71]>
Mime-Version: 1.0 (Apple Message framework v919.2)
Date: Wed, 27 Feb 2008 10:29:37 +0200
References: <1204058724.2461.7.camel@faith.austin.ibm.com>
	<p0624050ec3ea7c8c6279@[169.223.13.71]>
X-Mailer: Apple Mail (2.919.2)
Cc: Stephen Kent <kent@bbn.com>
Subject: Re: [IPsec] PFP flag in rfc 4301


On Feb 27, 2008, at 4:45 AM, Stephen Kent wrote:

> PFP is part of the description of an SPD entry. 4301 does not mandate
> a specific SPD entry format, BUT it does require that a compliant
> implementation be able to operate as though the SPD is implemented as
> defined in the SPD model. So, for example, if your implementation
> offers a way to configure the SPD to trigger creation of a different
> SA for each TCP connection between the same 2 IP addresses, a feature
> that PFP allows, then you would probably be compliant. If not,
> then you are not.
>
> Steve
>
> P.S. Vishwas's observation that "In my view as PFP is not a signaled
> element, we do not support PFP if the implementation does not require
> it." is not correct.  Many aspects of the SPD/SAD model defined in
> 4301 are not signalled explicitly. The criterion for conformance is
> how the implementation behaves, not only as seen by a peer, but also
> as seen by a user/app.

That is correct, but it is possible for a particular implementation  
not to offer all the rich configurability suggested by RFC 4301. For  
example, you can have the traffic selectors pre-configured, and always  
use those subnets. In RFC 4301 terms, you can have all the PFP flags  
set to false, and not allow the user to configure them.  That is a  
user interface consideration that does not harm interoperability.

Just as you don't usually allow users to configure the nonce size in  
IKE.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
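
The behaviour discussed in the two messages above (a different SA per TCP connection when PFP is set, one shared SA when every PFP flag is false), as an added sketch that is not part of any message in this thread and not code from any IPsec implementation. It is a simplified model of the RFC 4301 SPD/SAD; the class and function names and the addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = (0, 65535)
# Selector order used throughout; the names double as PFP flag names (hypothetical).
FIELDS = ("local_addr", "remote_addr", "proto", "local_port", "remote_port")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int


@dataclass(frozen=True)
class SPDEntry:
    # (local net, remote net, next-layer protocol, local port range, remote port range)
    selectors: tuple
    # Names from FIELDS whose PFP flag is set on this entry.
    pfp: frozenset = frozenset()


def covers(selectors, pkt):
    """True if the packet falls inside a set of SPD or SA selectors."""
    lnet, rnet, proto, lports, rports = selectors
    return (ip_address(pkt.src) in ip_network(lnet)
            and ip_address(pkt.dst) in ip_network(rnet)
            and proto == pkt.proto
            and lports[0] <= pkt.sport <= lports[1]
            and rports[0] <= pkt.dport <= rports[1])


def derive_sa_selectors(entry, pkt):
    """Selectors for a new SA: taken from the packet where the PFP flag is
    set, and from the SPD entry where it is not."""
    from_packet = (str(ip_network(pkt.src)), str(ip_network(pkt.dst)), pkt.proto,
                   (pkt.sport, pkt.sport), (pkt.dport, pkt.dport))
    return tuple(p if name in entry.pfp else s
                 for name, s, p in zip(FIELDS, entry.selectors, from_packet))


class OutboundIPsec:
    """Ordered SPD plus an SAD that stores only each SA's selectors."""

    def __init__(self, spd):
        self.spd = list(spd)
        self.sad = []

    def sa_for(self, pkt):
        """Return the index of the SA carrying pkt, creating one if needed."""
        for index, selectors in enumerate(self.sad):
            if covers(selectors, pkt):
                return index                      # an existing SA already fits
        entry = next((e for e in self.spd if covers(e.selectors, pkt)), None)
        if entry is None:
            return None                           # no matching policy: discard
        self.sad.append(derive_sa_selectors(entry, pkt))
        return len(self.sad) - 1


# Constructed sample: one policy between two subnets and two TCP connections
# between the same two hosts, with a second packet of the first connection.
POLICY = ("10.1.0.0/16", "10.2.0.0/16", 6, ANY_PORT, ANY_PORT)
PACKETS = [
    Packet("10.1.0.5", "10.2.0.9", 6, 40001, 443),
    Packet("10.1.0.5", "10.2.0.9", 6, 40002, 443),
    Packet("10.1.0.5", "10.2.0.9", 6, 40001, 443),
]


def demo(pfp):
    """Run PACKETS through a one-entry SPD; return (SA index per packet, SAD)."""
    ipsec = OutboundIPsec([SPDEntry(POLICY, frozenset(pfp))])
    return [ipsec.sa_for(p) for p in PACKETS], ipsec.sad


if __name__ == "__main__":
    for flags in (set(), {"local_port", "remote_port"}):
        indexes, sad = demo(flags)
        print(sorted(flags), indexes, sad)
```

With no PFP flags the SA inherits the subnet-wide selectors of the policy, so every connection shares it; with the port flags set each connection gets an SA whose port selectors are pinned to that connection.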


From ipsec-bounces@ietf.org  Wed Feb 27 01:01:18 2008
Message-Id: <p06240502c3ead6137fb3@[192.168.101.9]>
In-Reply-To: <06F60E10-1728-4E12-B8EF-C15021A9FEE3@checkpoint.com>
References: <1204058724.2461.7.camel@faith.austin.ibm.com>
	<p0624050ec3ea7c8c6279@[169.223.13.71]>
	<06F60E10-1728-4E12-B8EF-C15021A9FEE3@checkpoint.com>
Date: Wed, 27 Feb 2008 04:00:47 -0500
To: Yoav Nir <ynir@checkpoint.com>
From: Stephen Kent <kent@bbn.com>
Cc: ipsec@ietf.org
Subject: Re: [IPsec] PFP flag in rfc 4301
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>,
	<mailto:ipsec-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org

At 10:29 AM +0200 2/27/08, Yoav Nir wrote:
>...
>
>That is correct, but it is possible for a particular implementation 
>not to offer all the rich configurability suggested by RFC 4301. For 
>example, you can have the traffic selectors pre-configured, and always 
>use those subnets. In RFC 4301 terms, you can have all the PFP flags 
>set to false, and not allow the user to configure them.  That is a
>user interface consideration that does not harm interoperability.

Yes, but such an implementation would be non-compliant with 4301. The 
reason we mandate that an enumerated list of features be manageable is 
to ensure a certain minimum functionality. When I checked on early 
IPsec implementations at Interop one year, several did not allow all 
five traffic selectors to be specified for SPD entries. They were 
clearly non-compliant. The Microsoft implementation did not allow the 
SPD entries to be manually sorted; they defined their own notion of 
"more specific/general" to impose a total ordering on the SPD. That 
was also non-compliant, as it clearly limited the set of policies a 
user (or admin) could define.

Steve


From ipsec-bounces@ietf.org  Wed Feb 27 08:14:51 2008
From: Joy Latten <latten@austin.ibm.com>
To: Stephen Kent <kent@bbn.com>
In-Reply-To: <p0624050ec3ea7c8c6279@[169.223.13.71]>
References: <1204058724.2461.7.camel@faith.austin.ibm.com>
	<p0624050ec3ea7c8c6279@[169.223.13.71]>
Date: Wed, 27 Feb 2008 10:08:47 -0600
Message-Id: <1204128527.2461.13.camel@faith.austin.ibm.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.3 (2.2.3-2.fc4) 
Cc: ipsec@ietf.org, tchicks@us.ibm.com
Subject: Re: [IPsec] PFP flag in rfc 4301

On Tue, 2008-02-26 at 21:45 -0500, Stephen Kent wrote:
> At 2:45 PM -0600 2/26/08, Joy Latten wrote:
> >The rfc 4301 describes Populate-from-Packet feature.
> >I could not readily determine if it is something SPD
> >or IPsec implementation MUST have or SHOULD have?
> >
> >regards,
> >Joy
> >_______________________________________________
> >IPsec mailing list
> >IPsec@ietf.org
> >http://www.ietf.org/mailman/listinfo/ipsec
> 
> PFP is part of the description of an SPD entry. 4301 does not mandate 
> a specific SPD entry format, BUT it does require that a compliant 
> implementation be able to operate as though the SPD is implemented as 
> defined in the SPD model. So, for example, if your implementation 
> offers a way to configure the SPD to trigger creation of a different 
> SA for each TCP connection between the same 2 IP addresses, a feature 
> that PFP allows, then you would probably be compliant. If not, 
> then you are not.
> 
> Steve
> 
> P.S. Vishwas's observation that "In my view as PFP is not a signaled 
> element, we do not support PFP is the implementation does not require 
> it." is not correct.  Many aspects of the SPD/SAD model defined in 
> 4301 are not signalled explicitly. The criteria for conformance is 
> how the implementation  behaves, not only as seen by a peer, but also 
> as seen by a user/app.

Ok, thanks. This helps with understanding how to read and interpret
the rfc and hopefully implement correctly. :-)

regards,
Joy

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
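
The behaviour described in the quoted text above (a different SA for each TCP connection between the same 2 IP addresses when PFP is set) can be seen in a small model. This is an added example, not part of the thread and not code from any implementation discussed in it: a simplified Python sketch of an ordered SPD whose entries carry per-selector PFP flags. The class names, addresses and ports are constructed for illustration, and SA negotiation is reduced to deriving the SA's selectors.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# The five traffic selectors, each with its own PFP flag in this model.
SELECTORS = ("local_addr", "remote_addr", "next_proto", "local_port", "remote_port")


@dataclass(frozen=True)
class Packet:
    local_addr: str
    remote_addr: str
    next_proto: int      # IP protocol number (6 = TCP)
    local_port: int
    remote_port: int


def covers(sel, pkt):
    """True if the packet falls inside a selector set (SPD entry or SA)."""
    return (ip_address(pkt.local_addr) in ip_network(sel["local_addr"])
            and ip_address(pkt.remote_addr) in ip_network(sel["remote_addr"])
            and pkt.next_proto == sel["next_proto"]
            and sel["local_port"][0] <= pkt.local_port <= sel["local_port"][1]
            and sel["remote_port"][0] <= pkt.remote_port <= sel["remote_port"][1])


@dataclass
class SPDEntry:
    name: str
    selectors: dict                  # address prefixes, protocol, port ranges
    pfp: frozenset = frozenset()     # names of selectors whose PFP flag is set

    def sa_selectors(self, pkt):
        """Selectors for a new SA: taken from the packet where PFP is set,
        otherwise copied from the SPD entry."""
        sa = {}
        for sel in SELECTORS:
            if sel not in self.pfp:
                sa[sel] = self.selectors[sel]
                continue
            value = getattr(pkt, sel)
            if sel.endswith("_addr"):
                sa[sel] = str(ip_network(value))   # single host prefix
            elif sel.endswith("_port"):
                sa[sel] = (value, value)           # single port
            else:
                sa[sel] = value
        return sa


class IPsecModel:
    """Ordered SPD (first match wins) plus a list standing in for the SAD."""

    def __init__(self, spd):
        self.spd = list(spd)
        self.sad = []

    def outbound(self, pkt):
        """Return the index of the SA used for pkt, creating one if needed."""
        entry = next((e for e in self.spd if covers(e.selectors, pkt)), None)
        if entry is None:
            return None                            # no policy: this model drops
        for index, sa in enumerate(self.sad):
            if sa["policy"] == entry.name and covers(sa["selectors"], pkt):
                return index
        self.sad.append({"policy": entry.name,
                         "selectors": entry.sa_selectors(pkt)})
        return len(self.sad) - 1


# Constructed policy: protect TCP/443 from one subnet to another.
POLICY = {"local_addr": "192.0.2.0/24", "remote_addr": "198.51.100.0/24",
          "next_proto": 6, "local_port": (0, 65535), "remote_port": (443, 443)}

# Constructed traffic: two TCP connections between the same two hosts,
# then a second packet on the first connection.
PACKETS = [
    Packet("192.0.2.10", "198.51.100.20", 6, 40001, 443),
    Packet("192.0.2.10", "198.51.100.20", 6, 40002, 443),
    Packet("192.0.2.10", "198.51.100.20", 6, 40001, 443),
]


def run(pfp):
    """Send PACKETS through a one-entry SPD with the given PFP flags set."""
    model = IPsecModel([SPDEntry("web", dict(POLICY), frozenset(pfp))])
    used = [model.outbound(p) for p in PACKETS]
    return used, model.sad


if __name__ == "__main__":
    for label, flags in (("PFP set on all selectors", SELECTORS),
                         ("PFP clear on all selectors", ())):
        used, sad = run(flags)
        print(label, "-> SA used per packet:", used)
        for sa in sad:
            print("   ", sa["selectors"])
```

With every PFP flag clear, the single SA inherits the subnet-wide selectors of the SPD entry, which is the pre-configured case raised elsewhere in this thread.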


From ipsec-bounces@ietf.org  Wed Feb 27 11:00:51 2008
Message-ID: <77ead0ec0802271100s3cae659dkac9afecd05d48efa@mail.gmail.com>
Date: Wed, 27 Feb 2008 11:00:36 -0800
From: "Vishwas Manral" <vishwas.ietf@gmail.com>
To: "Yoav Nir" <ynir@checkpoint.com>
In-Reply-To: <06F60E10-1728-4E12-B8EF-C15021A9FEE3@checkpoint.com>
MIME-Version: 1.0
Content-Disposition: inline
References: <1204058724.2461.7.camel@faith.austin.ibm.com>
	<p0624050ec3ea7c8c6279@169.223.13.71>
	<06F60E10-1728-4E12-B8EF-C15021A9FEE3@checkpoint.com>
Cc: ipsec@ietf.org, Stephen Kent <kent@bbn.com>
Subject: Re: [IPsec] PFP flag in rfc 4301

Hi Stephen,

I sort of agree with Yoav here. IETF should work towards getting
inter-operable implementations over the wire. If a vendor does not
need some fields in the SPD and can still give the same and correct
external behavior that should not be prevented (like in the PFP case).

It is now up to the customer to see if the SPD local information is
good enough for him. We should not dictate the behavior within a
device - I do not see why the behavior would be non-compliant to
RFC4301 - as you yourself state there are implementations that support
the external behavior but not the internal structures. By limiting the
definition unnecessarily we are excluding a lot of implementations
from being compliant. This seems to be the popular refrain in most
other protocols in the IETF on which I have worked too.

Thanks,
Vishwas

On Wed, Feb 27, 2008 at 12:29 AM, Yoav Nir <ynir@checkpoint.com> wrote:
>
>  On Feb 27, 2008, at 4:45 AM, Stephen Kent wrote:
>
>  > PFP is part of the description of an SPD entry. 4301 does not mandate
>  > a specific SPD entry format, BUT it does require that a compliant
>  > implementation be able to operate as though the SPD is implemented as
>  > defined in the SPD model. So, for example, if your implementation
>  > offers a way to configure the SPD to trigger creation of a different
>  > SA for each TCP connection between the same 2 IP addresses, a feature
>  > that PFP allows, then you would probably be compliant. If not,
>  > then you are not.
>  >
>  > Steve
>  >
>  > P.S. Vishwas's observation that "In my view as PFP is not a signaled
>  > element, we do not support PFP is the implementation does not require
>  > it." is not correct.  Many aspects of the SPD/SAD model defined in
>  > 4301 are not signalled explicitly. The criteria for conformance is
>  > how the implementation  behaves, not only as seen by a peer, but also
>  > as seen by a user/app.
>
>  That is correct, but it is possible for a particular implementation
>  not to offer all the rich configurability suggested by RFC 4301. For
>  example, you can have the traffic selectors pre-configured, and always
>  use those subnets. In RFC 4301 terms, you can have all the PFP flags
>  set to false, and not allow the user to configure them.  That is a
>  user interface consideration that does not harm interoperability.
>
>  Just as you don't usually allow users to configure the nonce size in
>  IKE.
>


From ipsec-bounces@ietf.org  Wed Feb 27 11:16:21 2008
Date: Wed, 27 Feb 2008 13:16:04 -0600
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Vishwas Manral <vishwas.ietf@gmail.com>
Message-ID: <20080227191603.GC21674@Sun.COM>
Mail-Followup-To: Vishwas Manral <vishwas.ietf@gmail.com>,
	Yoav Nir <ynir@checkpoint.com>, ipsec@ietf.org,
	Stephen Kent <kent@bbn.com>
References: <1204058724.2461.7.camel@faith.austin.ibm.com>
	<p0624050ec3ea7c8c6279@169.223.13.71>
	<06F60E10-1728-4E12-B8EF-C15021A9FEE3@checkpoint.com>
	<77ead0ec0802271100s3cae659dkac9afecd05d48efa@mail.gmail.com>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <77ead0ec0802271100s3cae659dkac9afecd05d48efa@mail.gmail.com>
User-Agent: Mutt/1.5.7i
Cc: ipsec@ietf.org, Yoav Nir <ynir@checkpoint.com>, Stephen Kent <kent@bbn.com>
Subject: Re: [IPsec] PFP flag in rfc 4301

On Wed, Feb 27, 2008 at 11:00:36AM -0800, Vishwas Manral wrote:
> Hi Stephen,
> 
> I sort of agree with Yoav here. IETF should work towards getting
> inter-operable implementations over the wire. If a vendor does not
> need some fields in the SPD and can still give the same and correct
> external behavior that should not be prevented (like in the PFP case).
> 
> It is now up to the customer to see if the SPD local information is
> good enough for him. We should not dictate the behavior within a
> device - I do not see why the behavior would be non-compliant to
> RFC4301 - as you yourself state there are implementations that support
> the external behavior but not the internal structures. By limiting the
> definition unnecessarily we are excluding a lot of implementations
> from being compliant. This seems to be the popular refrain in most
> other protocols in the IETF on which I have worked too.

I think it's perfectly reasonable for the IETF to include some local
interface requirements.  In fact, we do that in a number of places.

I think requiring PFP support is perfectly OK and even desirable.

Finally, there's no IETF compliance police, and no IETF compliance
testing.  There is interop testing (to move a spec from Draft
Standard to Standard), but its purpose is not to establish compliance by
implementations, rather it is to establish that for any one required
feature of the protocol there are two or more interoperable
implementations.  Of course, there can be consortia and other third
parties to establish compliance with RFCs and STDs, but they need not
(do not) have formal relationships with the IETF.  But then, nothing
stops your competitors (and customers) from advertising accurate
compliance information.

Nico
-- 


From ipsec-bounces@ietf.org  Wed Feb 27 16:38:31 2008
Mime-Version: 1.0
Message-Id: <p06240502c3ebb09e16b1@[192.168.101.9]>
In-Reply-To: <77ead0ec0802271100s3cae659dkac9afecd05d48efa@mail.gmail.com>
References: <1204058724.2461.7.camel@faith.austin.ibm.com>	
	<p0624050ec3ea7c8c6279@169.223.13.71>	
	<06F60E10-1728-4E12-B8EF-C15021A9FEE3@checkpoint.com>
	<77ead0ec0802271100s3cae659dkac9afecd05d48efa@mail.gmail.com>
Date: Wed, 27 Feb 2008 19:37:06 -0500
To: "Vishwas Manral" <vishwas.ietf@gmail.com>
From: Stephen Kent <kent@bbn.com>
Cc: ipsec@ietf.org, Yoav Nir <ynir@checkpoint.com>
Subject: Re: [IPsec] PFP flag in rfc 4301

At 11:00 AM -0800 2/27/08, Vishwas Manral wrote:
>Hi Stephen,
>
>I sort of agree with Yoav here. IETF should work towards getting
>inter-operable implementations over the wire. If a vendor does not
>need some fields in the SPD and can still give the same and correct
>external behavior that should not be prevented (like in the PFP case).

Interoperability is the primary focus of most IETF standards, but not 
the only one. In the case of IPsec there was agreement by the WG that 
it was appropriate to mandate support for certain features even if 
they were not visible to a peer.  Also, if one defines "external 
behavior" to include the features seen by an admin or user trying to 
manage SAs, then PFP qualifies. It is up to a user/admin, not a 
vendor, to decide which features to turn on; a vendor is obligated to 
offer the features. Look at the PKIX specs for analogies re what a 
compliant CA or client MUST be able to do, vs. what a specific CA or 
user (client) may choose to make use of.

>It is now up to the customer to see if the SPD local information is
>good enough for him. We should not dictate the behavior within a
>device - I do not see why the behavior would be non-compliant to
>RFC4301 - as you yourself state there are implementations that support
>the external behavior but not the internal structures. By limiting the
>definition unnecessarily we are excluding a lot of implementations
>from being compliant. This seems to be the popular refrain in most
>other protocols in the IETF on which I have worked too.

The implementation is non-compliant because the vendor decided on 
behalf of the user which of the mandated features of the SPD it 
thought was important.

RFC 4301 does NOT mandate use of any specific internal structures; 
however, if there is an external management feature that is enabled 
by the model in 4301 and an implementation is not able to offer that 
feature to a (local) user/admin, then the implementation is 
non-compliant, for the reasons cited above.

Compliance is not a popularity contest. If it were, all Microsoft and 
Cisco products would be compliant, by definition of the massive 
market share each of these vendors represents.

Steve


From ipsec-bounces@ietf.org  Fri Feb 29 11:56:31 2008
From: Black_David@emc.com
MIME-Version: 1.0
Date: Fri, 29 Feb 2008 14:55:29 -0500
Message-ID: <8CC6CEAB44F131478D3A7B429ECACD9192382D@CORPUSMX20A.corp.emc.com>
In-Reply-To: <p0624080fc3e21d30722d@[10.20.30.162]>
References: <p0624080fc3e21d30722d@[10.20.30.162]>
To: <ipsec@ietf.org>
Subject: Re: [IPsec] I-D ACTION:draft-black-ipsec-ikev2-aead-modes-00.txt

David McGrew and I would appreciate comments on this
draft. Its primary purpose is to enable use of AES GCM
and AES CCM for the IKEv2 encrypted payload - currently,
these algorithms can be used with ESP, but not with
IKEv2 proper (i.e., IKEv2 can negotiate ESP usage of
GCM and CCM, but the IKEv2 encrypted payload can't
currently be encrypted with GCM or CCM).

This draft does so by applying the Authenticated
Encryption framework from RFC 5116 to IKEv2's encrypted
payload, as AES GCM, AES CCM and other combined modes
are examples of authenticated encryption algorithms.
The draft also supplies the remaining details needed
for use of AES GCM and AES CCM with IKEv2.  This
approach should make things easier for future
authenticated encryption algorithms because the
IKEv2-generic aspects (e.g., data that receives
integrity coverage but is not encrypted) won't have
to be respecified.

While this draft has already received some good review
(and we thank the reviewers), like any -00 version, it's
not complete.  The only major technical content that's
missing is completing the connection to RFC 5116, mostly
explaining how this draft relates to the specific AEAD
algorithms defined in RFC 5116.  As part of doing this,
additional AEAD algorithm identifiers for AES CCM will be
defined to the version of AES CCM specified in RFC 4309,
as the AEAD CCM algorithms in RFC 5116 differ from
those in RFC 4309.

There are a few technical issues that we are looking
for input on:

1) Key size.  IPsec in general allows 192 bit AES
	keys, but RFC 5116 currently does not.  Is it
	ok to not allow 192 bit AES keys when AES GCM
	and AES CCM are used for the IKEv2 encrypted
	payload?
2) ICV size.  Both RFC 4106 (GCM) and 4309 (CCM) are
	fairly permissive about 8-octet and 12-octet
	ICVs.  David McGrew would like to generally
	prohibit ICV sizes other than 16-octets and hence
	only specify and allow support of 16-octet ICVs
	in this draft.  That would place tighter
	restrictions on AES GCM and AES CCM usage with
	IKEv2 than with ESP unless something else is done.
3) Padding.  Both AES GCM and AES CCM require
	padding only to a 32-bit alignment (this is
	done here for commonality with ESP).  Is that
	a general characteristic of authenticated
	encryption algorithms, or are there algorithms
	that may need more padding (e.g., to the AES
	encryption block size)?

Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------

> -----Original Message-----
> From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] 
> On Behalf Of Internet-Drafts@ietf.org
> Sent: Wednesday, February 20, 2008 1:10 PM
> To: IPsec WG
> Subject: [IPsec] I-D ACTION:draft-black-ipsec-ikev2-aead-modes-00.txt
> 
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> 
> 
> 	Title		: Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol
> 	Author(s)	: D. Black, D. McGrew
> 	Filename	: draft-black-ipsec-ikev2-aead-modes-00.txt
> 	Pages		: 14
> 	Date		: 2008-2-15
> 
> An authenticated encryption algorithm combines encryption and
> integrity into a single operation; such algorithms may also be
> referred to as combined modes of an encryption cipher or as combined
> mode algorithms.  This document describes the use of authenticated
> encryption algorithms with the Encrypted Payload of the Internet Key
> Exchange version 2 (IKEv2) protocol.
> 
> The use of two specific authenticated encryption algorithms with the
> IKEv2 Encrypted Payload is also described; these two algorithms are
> the Advanced Encryption Standard (AES) in Galois/Counter Mode (AES
> GCM) and AES in Counter with CBC-MAC Mode (AES CCM).  Additional
> documents may describe use of other authenticated encryption
> algorithms with the IKEv2 Encrypted Payload.
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-black-ipsec-ikev2-aead-modes-00.txt
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
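
The constraints raised in the message above (no 192-bit keys, 16-octet ICVs only, padding to 32-bit alignment, and data that is integrity-covered but not encrypted), shown with AES GCM as an added Go example that is not code from the draft or its authors. The function names, the 12-octet nonce, the header bytes and the ESP-style padding layout are assumptions, not the draft's wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// newAEAD applies the limits floated in the message: no 192-bit keys, 16-octet ICV only.
func newAEAD(key, nonce []byte) (cipher.AEAD, error) {
	if (len(key) != 16 && len(key) != 32) || len(nonce) != 12 {
		return nil, fmt.Errorf("need a 128- or 256-bit key and a 12-octet nonce")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCMWithTagSize(block, 16)
}

// Seal encrypts the padded inner payloads and authenticates hdr, which stays in the clear.
func Seal(key, nonce, hdr, inner []byte) ([]byte, error) {
	a, err := newAEAD(key, nonce)
	if err != nil {
		return nil, err
	}
	n := (4 - (len(inner)+1)%4) % 4 // pad octets; padding-then-Pad-Length layout is assumed (ESP-style)
	p := append(append([]byte{}, inner...), make([]byte, n+1)...)
	p[len(p)-1] = byte(n)
	return a.Seal(nil, nonce, p, hdr), nil
}

// Open checks the ICV over hdr and ciphertext, then strips the padding.
func Open(key, nonce, hdr, ct []byte) ([]byte, error) {
	a, err := newAEAD(key, nonce)
	if err != nil {
		return nil, err
	}
	p, err := a.Open(nil, nonce, ct, hdr)
	if err != nil || len(p) == 0 || int(p[len(p)-1]) >= len(p) {
		return nil, fmt.Errorf("ICV or padding check failed")
	}
	return p[:len(p)-1-int(p[len(p)-1])], nil
}

func main() {
	ct, err := Seal(make([]byte, 16), make([]byte, 12), []byte("constructed header"), []byte("hello"))
	fmt.Println(len(ct), err) // constructed all-zero key and nonce, demo only
}
```

A 5-octet inner payload becomes 8 octets after padding plus a 16-octet ICV; changing any byte of the header or using a 24-octet key makes `Open` or `Seal` return an error.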


