
From nobody Sun Jun  1 06:25:28 2014
From: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_BDAA996A-959F-400C-906A-55D9FA78D810"
Date: Sun, 1 Jun 2014 16:25:11 +0300
References: <20140601132022.27152.89239.idtracker@ietfa.amsl.com>
To: IPsecME WG <ipsec@ietf.org>
Message-Id: <FE20E7D6-0786-4CB5-B282-004312BD25FC@gmail.com>
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/adBKuUbZqHMKOJudxz4WE1nIa1c
Subject: [IPsec] Fwd: New Version Notification for draft-nir-ipsecme-chacha20-poly1305-04.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Jun 2014 13:25:25 -0000

--Apple-Mail=_BDAA996A-959F-400C-906A-55D9FA78D810
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

Hi.

I’ve posted version -04 of this draft.  Changes from version -02:
- References version -04 of the algorithm draft, which changes the AEAD construction to improve performance
- Defines the algorithm for IKE (in addition to ESP)
- Adds a UI suite.

Questions for the group:
- Are we OK with HMAC-SHA-256 as the PRF function?
- What D-H group do we want for the UI suite: NIST P-256, or ED25519?
- Any more comments?  We really need review of the algorithm draft (draft-nir-cfrg-chacha20-poly1305)

Thanks

Yoav


Begin forwarded message:

> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-nir-ipsecme-chacha20-poly1305-04.txt
> Date: June 1, 2014 at 4:20:22 PM GMT+3
> To: Yoav Nir <ynir.ietf@gmail.com>, "Yoav Nir" <ynir.ietf@gmail.com>
>
> A new version of I-D, draft-nir-ipsecme-chacha20-poly1305-04.txt
> has been successfully submitted by Yoav Nir and posted to the
> IETF repository.
>
> Name:           draft-nir-ipsecme-chacha20-poly1305
> Revision:       04
> Title:          ChaCha20, Poly1305 and their use in IPsec
> Document date:  2014-06-01
> Group:          Individual Submission
> Pages:          8
> URL:            http://www.ietf.org/internet-drafts/draft-nir-ipsecme-chacha20-poly1305-04.txt
> Status:         https://datatracker.ietf.org/doc/draft-nir-ipsecme-chacha20-poly1305/
> Htmlized:       http://tools.ietf.org/html/draft-nir-ipsecme-chacha20-poly1305-04
> Diff:           http://www.ietf.org/rfcdiff?url2=draft-nir-ipsecme-chacha20-poly1305-04
>
> Abstract:
>   This document describes the use of the ChaCha20 stream cipher along
>   with the Poly1305 authenticator, combined into an AEAD algorithm for
>   IPsec.
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>


--Apple-Mail=_BDAA996A-959F-400C-906A-55D9FA78D810--


From nobody Mon Jun  2 15:56:45 2014
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <501287C6-CC21-44BA-80AA-BC38B3722A0E@vpnc.org>
Date: Mon, 2 Jun 2014 15:56:33 -0700
To: IPsec ME WG List <ipsec@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/KLd8yu9HKPLZkh-rgaxxzQ2LPF0
Subject: [IPsec] Any reason to meet in Toronto?

Greetings again. The WG currently has no documents under active
discussion. Given that, Yaron and I thought that we don't *have* to meet
in Toronto. However, at our meetings, we try to let people with
IPsec-related drafts make initial presentations. We could have a
short meeting to do that in Toronto if there are a few documents that
(a) have not been presented at previous IPsecME WG meetings and (b) are
related to IPsec.

Thoughts?

--Paul Hoffman


From nobody Tue Jun  3 01:27:40 2014
MIME-Version: 1.0
In-Reply-To: <501287C6-CC21-44BA-80AA-BC38B3722A0E@vpnc.org>
References: <501287C6-CC21-44BA-80AA-BC38B3722A0E@vpnc.org>
Date: Tue, 3 Jun 2014 10:27:28 +0200
Message-ID: <CADZyTkn83O0-otTw_AaN_O-OXwWtdyEhC_CA0ipbRq1ZUmMB2w@mail.gmail.com>
From: Daniel Migault <mglt.ietf@gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: multipart/alternative; boundary=047d7b5d5cb64b1d6104faea485d
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/1jwEyLcNyXAE7KBgWC7T8D5r36s
Cc: IPsec ME WG List <ipsec@ietf.org>
Subject: Re: [IPsec] Any reason to meet in Toronto?

--047d7b5d5cb64b1d6104faea485d
Content-Type: text/plain; charset=UTF-8

Hi,

In my case, here are the documents we would like to present:
    - mobikev2 that is an extension of MOBIKE with the transport [1]

We are also working on a few drafts on our Diet-ESP considering the various
feedback we received. We are still working on them so they have not yet
been published. They should be published by the end of June. However, a)
presentation may also be done in other places as we considerably reduce
the modifications on IPsec. b) Although we expect multiple drafts, they are
all related to the same topic DIET-ESP that has already been presented in
London.


[1] http://tools.ietf.org/html/draft-mglt-ipsecme-mobikev2-00


On Tue, Jun 3, 2014 at 12:56 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> Greetings again. The WG currently has no documents under active
> discussion. Given that, Yaron and I thought that we don't *have* to meet in
> Toronto. However, at our meetings, we try to let people with IPsec-related
> drafts make initial presentations. We could have a short meeting to do
> that in Toronto if there are a few documents that (a) have not been
> presented at previous IPsecME WG meetings and (b) are related to IPsec.
>
> Thoughts?
>
> --Paul Hoffman
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
>



-- 
Daniel Migault
Orange Labs -- Security
+33 6 70 72 69 58

--047d7b5d5cb64b1d6104faea485d--


From nobody Tue Jun  3 06:26:31 2014
To: gsmith@sta.samsung.com, charliek@microsoft.com, paul.hoffman@vpnc.org, ynir@checkpoint.com, pe@iki.fi
X-PHP-Originating-Script: 1005:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Message-Id: <20140603132526.4CBA3180202@rfc-editor.org>
Date: Tue,  3 Jun 2014 06:25:26 -0700 (PDT)
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/7Um6XWtymFFJSrt0macsycgLh1c
Cc: ipsec@ietf.org, rfc-editor@rfc-editor.org, iesg@ietf.org, stephen.farrell@cs.tcd.ie
Subject: [IPsec] [Errata Rejected] RFC5996 (3718)

The following errata report has been rejected for RFC5996,
"Internet Key Exchange Protocol Version 2 (IKEv2)".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=5996&eid=3718

--------------------------------------
Status: Rejected
Type: Technical

Reported by: Gerald Smith <gsmith@sta.samsung.com>
Date Reported: 2013-09-04
Rejected by: Stephen Farrell (IESG)

Section: 3.15.3

Original Text
-------------
A client can be assigned an IPv6 address using the
INTERNAL_IP6_ADDRESS Configuration payload. A minimal exchange might
look like this:

CP(CFG_REQUEST) =
INTERNAL_IP6_ADDRESS()
INTERNAL_IP6_DNS()
TSi = (0, 0-65535, :: - FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)
TSr = (0, 0-65535, :: - FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)

CP(CFG_REPLY) =
INTERNAL_IP6_ADDRESS(2001:DB8:0:1:2:3:4:5/64)
INTERNAL_IP6_DNS(2001:DB8:99:88:77:66:55:44)
TSi = (0, 0-65535, 2001:DB8:0:1:2:3:4:5 - 2001:DB8:0:1:2:3:4:5)
TSr = (0, 0-65535, :: - FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)

Corrected Text
--------------
CP(CFG_REPLY) =
INTERNAL_IP6_ADDRESS(2001:DB8:0:1:2:3:4:5/64)
INTERNAL_IP6_DNS(2001:DB8:99:88:77:66:55:44)
TSi = (0, 0-65535, 2001:DB8:0:1:2:3:4:5 - 2001:DB8:0:1:2:3:4:5)
TSr = (0, 0-65535, 2001:DB8:0:1:: - 2001:DB8:0:1:FFFF:FFFF:FFFF:FFFF)

Notes
-----
The INTERNAL_IP6_ADDRESS returned in the CFG_REPLY is a 64 bit subnet, but the TSr returned in the CFG_REPLY shows a 0 bit subnet instead of the 64 bit subnet.

Kathleen told me to reject this! (Based on ipsecme list discussion.)
 --VERIFIER NOTES-- 
Kathleen told me to!

--------------------------------------
RFC5996 (draft-ietf-ipsecme-ikev2bis-11)
--------------------------------------
Title               : Internet Key Exchange Protocol Version 2 (IKEv2)
Publication Date    : September 2010
Author(s)           : C. Kaufman, P. Hoffman, Y. Nir, P. Eronen
Category            : PROPOSED STANDARD
Source              : IP Security Maintenance and Extensions
Area                : Security
Stream              : IETF
Verifying Party     : IESG
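
The traffic selectors quoted in erratum 3718 above, worked through as an added example (not part of the errata report or of RFC 5996): the code parses both CFG_REPLY variants and reports which prefix each selector range covers, so the "0 bit subnet" the reporter describes (`::/0`) can be compared with the /64 of the assigned address. The regular expressions and function names are assumptions made for this illustration.

```python
import ipaddress
import re

# CFG_REPLY as quoted under "Original Text" in the erratum.
ORIGINAL_REPLY = """\
INTERNAL_IP6_ADDRESS(2001:DB8:0:1:2:3:4:5/64)
INTERNAL_IP6_DNS(2001:DB8:99:88:77:66:55:44)
TSi = (0, 0-65535, 2001:DB8:0:1:2:3:4:5 - 2001:DB8:0:1:2:3:4:5)
TSr = (0, 0-65535, :: - FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF)
"""

# CFG_REPLY as quoted under "Corrected Text" in the erratum.
PROPOSED_REPLY = """\
INTERNAL_IP6_ADDRESS(2001:DB8:0:1:2:3:4:5/64)
INTERNAL_IP6_DNS(2001:DB8:99:88:77:66:55:44)
TSi = (0, 0-65535, 2001:DB8:0:1:2:3:4:5 - 2001:DB8:0:1:2:3:4:5)
TSr = (0, 0-65535, 2001:DB8:0:1:: - 2001:DB8:0:1:FFFF:FFFF:FFFF:FFFF)
"""

# Hypothetical patterns for the RFC's textual notation (not a wire parser).
ADDR_RE = re.compile(r"^INTERNAL_IP6_ADDRESS\((\S+)\)$", re.M)
TS_RE = re.compile(r"^(TS[ir]) = \((\d+), (\d+)-(\d+), (\S+) - (\S+)\)$", re.M)


def parse_reply(text):
    """Parse the textual CFG_REPLY notation into ipaddress objects."""
    addr = ADDR_RE.search(text)
    if addr is None:
        raise ValueError("no INTERNAL_IP6_ADDRESS attribute found")
    parsed = {"assigned": ipaddress.IPv6Interface(addr.group(1))}
    for name, proto, port_lo, port_hi, first, last in TS_RE.findall(text):
        first_ip = ipaddress.IPv6Address(first)
        last_ip = ipaddress.IPv6Address(last)
        if first_ip > last_ip:
            raise ValueError(f"{name}: start address is above end address")
        parsed[name] = {
            "protocol": int(proto),
            "ports": (int(port_lo), int(port_hi)),
            # A start-end range may need several CIDR blocks to describe it.
            "blocks": list(ipaddress.summarize_address_range(first_ip, last_ip)),
        }
    for name in ("TSi", "TSr"):
        if name not in parsed:
            raise ValueError(f"no {name} line found")
    return parsed


def relation(blocks, subnet):
    """Describe how a selector's CIDR blocks relate to the assigned subnet."""
    if blocks == [subnet]:
        return "equal"
    if any(subnet.subnet_of(block) for block in blocks):
        return "wider"
    if all(block.subnet_of(subnet) for block in blocks):
        return "narrower"
    return "other"


def analyze(text):
    """Summarise the selectors of one CFG_REPLY against the assigned address."""
    reply = parse_reply(text)
    assigned = reply["assigned"]
    subnet = assigned.network
    host = ipaddress.IPv6Network(f"{assigned.ip}/128")
    return {
        "assigned_subnet": str(subnet),
        "tsi_blocks": [str(b) for b in reply["TSi"]["blocks"]],
        "tsr_blocks": [str(b) for b in reply["TSr"]["blocks"]],
        "tsi_is_assigned_host": reply["TSi"]["blocks"] == [host],
        "tsr_vs_assigned_subnet": relation(reply["TSr"]["blocks"], subnet),
    }


if __name__ == "__main__":
    for label, text in (("original", ORIGINAL_REPLY), ("proposed", PROPOSED_REPLY)):
        print(label, analyze(text))
```

In both variants TSi is the single assigned address; the two texts differ only in whether TSr spans all of IPv6 or exactly the /64 of the assigned address.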


From nobody Tue Jun  3 12:19:18 2014
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <501287C6-CC21-44BA-80AA-BC38B3722A0E@vpnc.org>
Date: Tue, 3 Jun 2014 22:19:01 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <B2475C04-CE85-49D9-A0E9-0AFD01ECF00D@gmail.com>
References: <501287C6-CC21-44BA-80AA-BC38B3722A0E@vpnc.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/idTLFZOAOxkxsGeCFh4g8HP8WFY
Cc: IPsec ME WG List <ipsec@ietf.org>
Subject: Re: [IPsec] Any reason to meet in Toronto?

Well, there’s my puzzles draft ([1]).

And we could argue some more about dynamic VPN (and the dropping
thereof). In fact, just stick an “open mic” part on the agenda, and
such an argument is sure to come.

Yoav

[1] http://tools.ietf.org/html/draft-nir-ipsecme-puzzles-00

On Jun 3, 2014, at 1:56 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> Greetings again. The WG currently has no documents under active
> discussion. Given that, Yaron and I thought that we don't *have* to meet
> in Toronto. However, at our meetings, we try to let people with
> IPsec-related drafts make initial presentations. We could have a
> short meeting to do that in Toronto if there are a few documents that
> (a) have not been presented at previous IPsecME WG meetings and (b) are
> related to IPsec.
>
> Thoughts?
>
> --Paul Hoffman
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec


From nobody Tue Jun  3 12:40:49 2014
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <B2475C04-CE85-49D9-A0E9-0AFD01ECF00D@gmail.com>
Date: Tue, 3 Jun 2014 12:40:37 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <DEAF9DDD-21DA-42A0-9214-B41694DD1754@vpnc.org>
References: <501287C6-CC21-44BA-80AA-BC38B3722A0E@vpnc.org> <B2475C04-CE85-49D9-A0E9-0AFD01ECF00D@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/DwBttXiEQ2nA87wlIfoX9sizuLQ
Cc: IPsec ME WG List <ipsec@ietf.org>
Subject: Re: [IPsec] Any reason to meet in Toronto?

On Jun 3, 2014, at 12:19 PM, Yoav Nir <ynir.ietf@gmail.com> wrote:

> Well, there’s my puzzles draft ([1]).

If you want to present it, sure.

> And we could argue some more about dynamic VPN (and the dropping thereof).

Nope.

> In fact, just stick an “open mic” part on the agenda, and such an argument is sure to come.

Doing that on list would possibly be more useful than waiting for the
meeting. Or not.

--Paul Hoffman


From nobody Tue Jun  3 12:54:57 2014
Return-Path: <mcr@sandelman.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4496F1A0334 for <ipsec@ietfa.amsl.com>; Tue,  3 Jun 2014 12:54:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level: 
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 78JnfJ0NdB-Z for <ipsec@ietfa.amsl.com>; Tue,  3 Jun 2014 12:54:54 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3::184]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7838A1A02F0 for <ipsec@ietf.org>; Tue,  3 Jun 2014 12:54:54 -0700 (PDT)
Received: from sandelman.ca (desk.marajade.sandelman.ca [209.87.252.247]) by tuna.sandelman.ca (Postfix) with ESMTP id 8C6A220029 for <ipsec@ietf.org>; Tue,  3 Jun 2014 15:57:55 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 00C1363B0E; Tue,  3 Jun 2014 15:54:46 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id E035663AED for <ipsec@ietf.org>; Tue,  3 Jun 2014 15:54:46 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: IPsec ME WG List <ipsec@ietf.org>
In-Reply-To: <DEAF9DDD-21DA-42A0-9214-B41694DD1754@vpnc.org>
References: <501287C6-CC21-44BA-80AA-BC38B3722A0E@vpnc.org> <B2475C04-CE85-49D9-A0E9-0AFD01ECF00D@gmail.com> <DEAF9DDD-21DA-42A0-9214-B41694DD1754@vpnc.org>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Date: Tue, 03 Jun 2014 15:54:46 -0400
Message-ID: <23487.1401825286@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/3DyHrPbicwsxw2_UsI04s7mdnew
Subject: Re: [IPsec] Any reason to meet in Toronto?
X-List-Received-Date: Tue, 03 Jun 2014 19:54:56 -0000

Paul Hoffman <paul.hoffman@vpnc.org> wrote:
    >> Well, there’s my puzzles draft ([1]).

    > If you want to present it, sure.

    >> And we could argue some more about dynamic VPN (and the dropping
    >>thereof).

    > Nope.

    >> In fact, just stick an “open mic” part on the agenda, and such an
    >>argument is sure to come.

    > Doing that on list would possibly be more useful than waiting for
    > the meeting. Or not.

Perhaps worth circulating the abandon email more widely around the IETF.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


From nobody Wed Jun  4 06:42:04 2014
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A1821A0276 for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 06:42:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.651
X-Spam-Level: 
X-Spam-Status: No, score=-2.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GYTNXDIzupow for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 06:42:01 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D81A1A0238 for <ipsec@ietf.org>; Wed,  4 Jun 2014 06:42:01 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id A1C89800C9; Wed,  4 Jun 2014 09:41:53 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1401889313; bh=nyj+r+uq4lITacdivaXoO/D1YuMTJH+d+xZTpJQX6G4=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=CKWU7ZzVRfr39xAMR5h9FDoUSq9lsJIo/xPgrl66KkH0fWHdbLU7OMhawx4TZrl3r ASINXzFs7xn/OJ+JG67CtEMKS0kqxCVLGZts0k9p/8DVt7L2wSHjZX4dsDurLi/5KZ aMHBbKSTTzaHQx5rJI+Im+wCp7GYDTMFeN1ikP7o=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id s54DfrvI025953; Wed, 4 Jun 2014 09:41:53 -0400
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Wed, 4 Jun 2014 09:41:53 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: IPsec ME WG List <ipsec@ietf.org>
In-Reply-To: <B2475C04-CE85-49D9-A0E9-0AFD01ECF00D@gmail.com>
Message-ID: <alpine.LFD.2.10.1406040937430.23900@bofh.nohats.ca>
References: <501287C6-CC21-44BA-80AA-BC38B3722A0E@vpnc.org> <B2475C04-CE85-49D9-A0E9-0AFD01ECF00D@gmail.com>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=ISO-8859-7
Content-Transfer-Encoding: 8BIT
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/Xhzs3Ga9jnk86XJEZtcp-Eiw2Go
Cc: Valery Smyslov <svanru@gmail.com>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [IPsec] Any reason to meet in Toronto?
X-List-Received-Date: Wed, 04 Jun 2014 13:42:03 -0000

On Tue, 3 Jun 2014, Yoav Nir wrote:

> Well, there’s my puzzles draft ([1]).

There is also null-auth [2] which I think has not been presented. While
presenting it would be a one slide presentation, it would be good
to get this unstuck and have people review it, as I'm waiting on the
IANA registry code point for this :/

> [1] http://tools.ietf.org/html/draft-nir-ipsecme-puzzles-00

[2] http://tools.ietf.org/html/draft-smyslov-ipsecme-ikev2-null-auth-01

> On Jun 3, 2014, at 1:56 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
>
>> Greetings again. The WG currently has no documents under active discussion. Given that, Yaron and I thought that we don't *have* to meet in Toronto. However, at our meetings, we try to let people with IPsec-related drafts make initial presentations. We could have a short meeting to do that in Toronto if there are a few documents that (a) have not been presented at previous IPsecME WG meetings and (b) are related to IPsec.
>>
>> Thoughts?
>>
>> --Paul Hoffman


From nobody Wed Jun  4 06:47:31 2014
Return-Path: <svanru@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D1FB1A023E for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 06:47:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0zwTL9MjOdZo for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 06:47:28 -0700 (PDT)
Received: from mail-lb0-x22a.google.com (mail-lb0-x22a.google.com [IPv6:2a00:1450:4010:c04::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C81AE1A0238 for <ipsec@ietf.org>; Wed,  4 Jun 2014 06:47:27 -0700 (PDT)
Received: by mail-lb0-f170.google.com with SMTP id w7so4398468lbi.15 for <ipsec@ietf.org>; Wed, 04 Jun 2014 06:47:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=message-id:from:to:cc:references:subject:date:mime-version :content-type:content-transfer-encoding; bh=UikQUHDTOhYdPhIq+gMbTawKpZFhP0NKKSpfXAYJcIc=; b=NUl5z3HL/MOXBF0rZEm6YtnPZH4rRZkABKl4egZq4aiVbdCgcHoM3Icn/G516YfxDR kEgSPtoRMpKQsmIynUVWllaArNoFKVvG5+OaNIQD1XqaYXwDArcO9My9WCA/JpNGvA/f D5P02DJxiPa3TRD+aIYf7YDWDsGk+PlK0aqf0SW+oWy873Xc6BtY0x7tr0scmLIKkfyf M1rs59Q4IUUILpgF8eyd87ScsWzi/xxwrGhe5d2PozD/RUgxXXC7znIzbo1wq99hDHNa fRHjScNre1KixOslm2YFxLZKk0kSoCJCTIRvCtpzRfcJ6bFFDspZN7hnfbQObQgNcaO0 yUSg==
X-Received: by 10.112.133.198 with SMTP id pe6mr2505238lbb.76.1401889640269; Wed, 04 Jun 2014 06:47:20 -0700 (PDT)
Received: from buildpc ([93.188.44.200]) by mx.google.com with ESMTPSA id ui5sm2578602lbb.32.2014.06.04.06.47.18 for <multiple recipients> (version=TLSv1 cipher=RC4-SHA bits=128/128); Wed, 04 Jun 2014 06:47:19 -0700 (PDT)
Message-ID: <B89042F82B9F49DBA85BE42BC5B3EA60@buildpc>
From: "Valery Smyslov" <svanru@gmail.com>
To: "Paul Wouters" <paul@nohats.ca>, "IPsec ME WG List" <ipsec@ietf.org>
References: <501287C6-CC21-44BA-80AA-BC38B3722A0E@vpnc.org> <B2475C04-CE85-49D9-A0E9-0AFD01ECF00D@gmail.com> <alpine.LFD.2.10.1406040937430.23900@bofh.nohats.ca>
Date: Wed, 4 Jun 2014 17:47:21 +0400
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="ISO-8859-7"; reply-type=response
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/WpN_oVz8MNRWYyfjwwEUkUdBmIo
Cc: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [IPsec] Any reason to meet in Toronto?
X-List-Received-Date: Wed, 04 Jun 2014 13:47:29 -0000

I've already asked co-chairs for a slot to present null-auth
in a private e-mail.

Valery.

> On Tue, 3 Jun 2014, Yoav Nir wrote:
>
>> Well, there’s my puzzles draft ([1]).
>
> There is also null-auth [2] which I think has not been presented. While
> presenting it would be a one slide presentation, it would be good
> to get this unstuck and have people review it, as I'm waiting on the
> IANA registry code point for this :/
>
>> [1] http://tools.ietf.org/html/draft-nir-ipsecme-puzzles-00
>
> [2] http://tools.ietf.org/html/draft-smyslov-ipsecme-ikev2-null-auth-01
>
>> On Jun 3, 2014, at 1:56 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
>>
>>> Greetings again. The WG currently has no documents under active 
>>> discussion. Given that, Yaron and I thought that we don't *have* to meet 
>>> in Toronto. However, at our meetings, we try to let people with 
>>> IPsec-related drafts make initial presentations. We could have a 
>>> short meeting to do that in Toronto if there are a few documents that 
>>> (a) have not been presented at previous IPsecME WG meetings and (b) are 
>>> related to IPsec.
>>>
>>> Thoughts?
>>>
>>> --Paul Hoffman


From nobody Wed Jun  4 07:00:52 2014
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E0D21A0246 for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 07:00:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.651
X-Spam-Level: 
X-Spam-Status: No, score=-2.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F5e5IydNk96z for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 07:00:46 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3DAD1A0213 for <ipsec@ietf.org>; Wed,  4 Jun 2014 07:00:46 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 3AD26800C9; Wed,  4 Jun 2014 10:00:40 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1401890440; bh=obkLBHsTz7mGznyCuWZZnVuCBc9L1WO9IlcX6pU3GDs=; h=Date:From:To:cc:Subject; b=j0NtNCYHKpxKGWTlSHgQu+7WF0xre1zxiBGW2wc9eQBDGaR7Rhb0U29VM1Pmiy4fO ADPmksDCR5HcW3oyp/6do7DoZ6TXO8+F62T6EUOxkCgyRA9WrwQrlSsvKdRZhzo3pp HOu2Dpj3MhN+KQNHsTfhSjetP+Ym3GJJQV+ZBHfw=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id s54E0dbg026627; Wed, 4 Jun 2014 10:00:39 -0400
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Wed, 4 Jun 2014 10:00:39 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Valery Smyslov <svanru@gmail.com>
Message-ID: <alpine.LFD.2.10.1406040952110.23900@bofh.nohats.ca>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=UTF-8; format=flowed
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/zC_5_aMZeFXOUmXoFjkaSKU8mjU
Cc: "ipsec@ietf.org WG" <ipsec@ietf.org>
Subject: Re: [IPsec] draft-smyslov-ipsecme-ikev2-null-auth-01
X-List-Received-Date: Wed, 04 Jun 2014 14:00:51 -0000

On Wed, 4 Jun 2014, Valery Smyslov wrote:

> I've already asked co-chairs for a slot to present null-auth
> in a private e-mail.

Great :)

We should probably add a comment about rekeying. If the responder
becomes the initiator, it might run into issues. Possibly an entity
that did not authenticate the peer should not initiate a rekey.

There is also the case where A uses null auth to an authenticated B,
and B then gets independently triggered to set up a null auth connection
to A. We haven't fully figured out how to deal with this other than
"if we see our own IPSECKEY record, don't initiate null auth", but I'm
not sure if that covers everyone's use case.

Paul
ps. i also still prefer AUTH_NONE over "NULL AUTH", as to me NULL looks
more like an error while "none" conveys intent.


From nobody Wed Jun  4 07:24:04 2014
Return-Path: <svanru@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5887C1A0277 for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 07:24:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O1QWzyk2M9f1 for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 07:23:55 -0700 (PDT)
Received: from mail-lb0-x22f.google.com (mail-lb0-x22f.google.com [IPv6:2a00:1450:4010:c04::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 810DB1A023E for <ipsec@ietf.org>; Wed,  4 Jun 2014 07:23:55 -0700 (PDT)
Received: by mail-lb0-f175.google.com with SMTP id l4so4355411lbv.20 for <ipsec@ietf.org>; Wed, 04 Jun 2014 07:23:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=message-id:from:to:cc:references:subject:date:mime-version :content-type:content-transfer-encoding; bh=6Hw25B+qjO8o830VvfqMXuJWEi5hIca7S15lVieHQ/o=; b=Z1mvISwPsoK30T7PqbYOr3u6sPndT0Bak8BUNDdBN+M7TNEH6FL5/a1pUjmRUOlOU0 pvzadBHwLUP5oMy8K/CfUL16BWWxIUv7a1HhwtzeaGT2PhB6Su169eU4CvXzZASyOcik kHODFMoA+iA8DILjdLrJAd3dqhcOw7qSp2Na3kYQ+2cMfgEfuzOUrWGKIifZLFZ7iQbe dVooXrV63VWNWUGlbYX7sDg88dAS47elri+g7un66/kPmNy2ip5AJzXjkpnYSYUF5ekJ CF0Otm2hiSSDd6GSf2RhaQJ/9mQbIIsHtiBP6lXlOR404nIs0ZhaL3JIjPJwHZHH/n2p 4wXg==
X-Received: by 10.152.87.20 with SMTP id t20mr2655074laz.79.1401891828198; Wed, 04 Jun 2014 07:23:48 -0700 (PDT)
Received: from buildpc ([93.188.44.200]) by mx.google.com with ESMTPSA id bq6sm2659025lbb.34.2014.06.04.07.23.46 for <multiple recipients> (version=TLSv1 cipher=RC4-SHA bits=128/128); Wed, 04 Jun 2014 07:23:46 -0700 (PDT)
Message-ID: <6B4DF0DF50834023A731B29091A790F2@buildpc>
From: "Valery Smyslov" <svanru@gmail.com>
To: "Paul Wouters" <paul@nohats.ca>
References: <alpine.LFD.2.10.1406040952110.23900@bofh.nohats.ca>
Date: Wed, 4 Jun 2014 18:23:49 +0400
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="UTF-8"; reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/Rt6enhjyod9XMERJyPObG7tNj0I
Cc: ipsec@ietf.org
Subject: Re: [IPsec] draft-smyslov-ipsecme-ikev2-null-auth-01
X-List-Received-Date: Wed, 04 Jun 2014 14:24:02 -0000

>> I've already asked co-chairs for a slot to present null-auth
>> in a private e-mail.
> 
> Great :)
> 
> We should probably add a comment about rekeying. If the responder
> becomes the initiator, it might run into issues. Possibly an entity
> that did not authenticate the peer should not initiate a rekey.

Rekeying or reauthentication? I don't think rekeying might
cause a problem as it doesn't include any authentication.
Or do you refer to some different issue?

> There is also the case where A uses null auth to an authenticated B,
> and B then gets independently triggered to set up a null auth connection
> to A. We haven't fully figured out how to deal with this other than
> "if we see our own IPSECKEY record, don't initiate null auth", but I'm
> not sure if that covers everyone's use case.

I think it is more relevant to a specific use case than
to the method itself. Some text could be added that 
if an entity is authenticated using some mechanism other than 
NULL, then NULL SHOULD not be used for the same entity.

> Paul
> ps. i also still prefer AUTH_NONE over "NULL AUTH", as to me NULL looks
> more like an error while "none" conveys intent.

I remember it. However I'm still waiting for others' opinions on this.
Naming is not a problem.


From nobody Wed Jun  4 08:02:41 2014
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 351031A0283 for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 08:02:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level: 
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 87B1gwzqQw-c for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 08:02:39 -0700 (PDT)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DD731A0277 for <ipsec@ietf.org>; Wed,  4 Jun 2014 08:02:39 -0700 (PDT)
Received: from [10.20.30.90] (50-1-51-90.dsl.dynamic.fusionbroadband.com [50.1.51.90]) (authenticated bits=0) by hoffman.proper.com (8.14.8/8.14.7) with ESMTP id s54F2VmE039939 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <ipsec@ietf.org>; Wed, 4 Jun 2014 08:02:32 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 50-1-51-90.dsl.dynamic.fusionbroadband.com [50.1.51.90] claimed to be [10.20.30.90]
Content-Type: text/plain; charset=iso-8859-7
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <alpine.LFD.2.10.1406040937430.23900@bofh.nohats.ca>
Date: Wed, 4 Jun 2014 08:02:29 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <73CFBEC7-C7A7-4457-A4C3-B656662850D6@vpnc.org>
References: <501287C6-CC21-44BA-80AA-BC38B3722A0E@vpnc.org> <B2475C04-CE85-49D9-A0E9-0AFD01ECF00D@gmail.com> <alpine.LFD.2.10.1406040937430.23900@bofh.nohats.ca>
To: IPsec ME WG List <ipsec@ietf.org>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/5HQMBSU3p0BzKhxyoJMfTlCTDjY
Subject: Re: [IPsec] Any reason to meet in Toronto?
X-List-Received-Date: Wed, 04 Jun 2014 15:02:40 -0000

On Jun 4, 2014, at 6:41 AM, Paul Wouters <paul@nohats.ca> wrote:

> While
> presenting it would be a one slide presentation, it would be good
> to get this unstuck and have people review it, as I'm waiting on the
> IANA registry code point for this :/

The Toronto meeting is more than six weeks away. If someone wants a document finished before then, please don't wait: discuss it on the list and move it forwards. There is nothing magic about being able to say "I made a presentation at a meeting", particularly in this WG.

--Paul Hoffman


From nobody Wed Jun  4 09:20:54 2014
Return-Path: <mcr@sandelman.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C74901A03B7 for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 09:20:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.542
X-Spam-Level: 
X-Spam-Status: No, score=-2.542 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, T_TVD_MIME_NO_HEADERS=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B8LP6S30yLiH for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 09:20:43 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.252.184]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E22A1A03BA for <ipsec@ietf.org>; Wed,  4 Jun 2014 09:20:43 -0700 (PDT)
Received: from sandelman.ca (desk.marajade.sandelman.ca [209.87.252.247]) by tuna.sandelman.ca (Postfix) with ESMTP id 7675620029; Wed,  4 Jun 2014 12:23:45 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id EF37163B0E; Wed,  4 Jun 2014 12:20:30 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id D976763AED; Wed,  4 Jun 2014 12:20:30 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Valery Smyslov" <svanru@gmail.com>
In-Reply-To: <6B4DF0DF50834023A731B29091A790F2@buildpc>
References: <alpine.LFD.2.10.1406040952110.23900@bofh.nohats.ca> <6B4DF0DF50834023A731B29091A790F2@buildpc>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Wed, 04 Jun 2014 12:20:30 -0400
Message-ID: <20615.1401898830@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/xHWzl2e171n6FFadd3NQFlSFx9Y
Cc: ipsec@ietf.org, Paul Wouters <paul@nohats.ca>
Subject: Re: [IPsec] draft-smyslov-ipsecme-ikev2-null-auth-01
X-List-Received-Date: Wed, 04 Jun 2014 16:20:44 -0000

--=-=-=


Valery Smyslov <svanru@gmail.com> wrote:
    >> Paul ps. i also still prefer AUTH_NONE over "NULL AUTH", as to me NULL
    >> looks more like an error while "none" conveys intent.

    > I remember it. However I'm still waiting for others' opinions on this.
    > Naming is not a problem.

I prefer AUTH_NONE over "NULL AUTH".
Still, that doesn't convey enough intent;  AUTH_DIDNTWANTTO, or something
like that might say it better, but that's a mouthful, so I can live with
AUTH_NONE if we can't do better.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Wed Jun  4 09:47:38 2014
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A41121A02F9 for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 09:47:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.651
X-Spam-Level: 
X-Spam-Status: No, score=-2.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HdBplMmUzQjf for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 09:47:35 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F15C91A00DF for <ipsec@ietf.org>; Wed,  4 Jun 2014 09:47:34 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id EBD55800C9 for <ipsec@ietf.org>; Wed,  4 Jun 2014 12:47:27 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1401900447; bh=TpR8JSyPkOS19WrK5q8B+N+nQgAu2onaloRElzyGT7U=; h=Date:From:To:Subject:In-Reply-To:References; b=G8+eWYBWYnxZtFV+7wN2rocdAWd3kGw3HPYbebp2hAe4YVqKeMEkHT01iyDDRssbZ xCIpRnFY2CYS5V5SB9ChPw15exsXS0czm0jtPn4O1gS8oOZaUoX7P9mhDgu4MBd2Aq 60liEdG05d4JB8BcDEyttBwv68kEGo+gzZE5Jukc=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.14.7/8.14.7/Submit) with ESMTP id s54GlRkJ022700 for <ipsec@ietf.org>; Wed, 4 Jun 2014 12:47:27 -0400
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Wed, 4 Jun 2014 12:47:27 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: "ipsec@ietf.org WG" <ipsec@ietf.org>
In-Reply-To: <20615.1401898830@sandelman.ca>
Message-ID: <alpine.LFD.2.10.1406041246400.23900@bofh.nohats.ca>
References: <alpine.LFD.2.10.1406040952110.23900@bofh.nohats.ca> <6B4DF0DF50834023A731B29091A790F2@buildpc> <20615.1401898830@sandelman.ca>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/MY0nUmzBOJnMPYQBYl-QNqTZv2M
Subject: Re: [IPsec] draft-smyslov-ipsecme-ikev2-null-auth-01
X-List-Received-Date: Wed, 04 Jun 2014 16:47:36 -0000

On Wed, 4 Jun 2014, Michael Richardson wrote:

> Valery Smyslov <svanru@gmail.com> wrote:
>    >> Paul ps. i also still prefer AUTH_NONE over "NULL AUTH", as to me NULL
>    >> looks more like an error while "none" conveys intent.
>
>    > I remember it. However I'm still waiting for other's opinions on this.
>    > Naming is not a problem.
>
> I prefer AUTH_NONE over "NULL AUTH".
> Still, that doesn't convey enough intent;  AUTH_DIDNTWANTTO, or something
> like that might say it better, but that's a mouthful, so I can live with
> AUTH_NONE if we can't do better.

AUTH_ANON ? Although I think AUTH_NONE is more in line with how we name
things.

Paul


From nobody Wed Jun  4 13:03:44 2014
Return-Path: <mcr@sandelman.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 291031A0313 for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 13:03:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.542
X-Spam-Level: 
X-Spam-Status: No, score=-2.542 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, T_TVD_MIME_NO_HEADERS=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OZPZdBR0dg9J for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 13:03:38 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.252.184]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A16B1A0329 for <ipsec@ietf.org>; Wed,  4 Jun 2014 13:03:38 -0700 (PDT)
Received: from sandelman.ca (desk.marajade.sandelman.ca [209.87.252.247]) by tuna.sandelman.ca (Postfix) with ESMTP id 78EEF20029 for <ipsec@ietf.org>; Wed,  4 Jun 2014 16:06:40 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 54B2C63B0E; Wed,  4 Jun 2014 16:03:28 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 3FA7C63AED for <ipsec@ietf.org>; Wed,  4 Jun 2014 16:03:28 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "ipsec\@ietf.org WG" <ipsec@ietf.org>
In-Reply-To: <alpine.LFD.2.10.1406041246400.23900@bofh.nohats.ca>
References: <alpine.LFD.2.10.1406040952110.23900@bofh.nohats.ca> <6B4DF0DF50834023A731B29091A790F2@buildpc> <20615.1401898830@sandelman.ca> <alpine.LFD.2.10.1406041246400.23900@bofh.nohats.ca>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Wed, 04 Jun 2014 16:03:28 -0400
Message-ID: <2862.1401912208@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/msBWfYkWG-fjbJVbDKwq6cjbflE
Subject: Re: [IPsec] draft-smyslov-ipsecme-ikev2-null-auth-01
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jun 2014 20:03:40 -0000

--=-=-=


Paul Wouters <paul@nohats.ca> wrote:
    >> Valery Smyslov <svanru@gmail.com> wrote:
    >> >> Paul ps. i also still prefer AUTH_NONE over "NULL AUTH", as to
    >> >> me NULL looks more like an error while "none" conveys intent.
    >>
    >> > I remember it. However I'm still waiting for other's opinions on
    >> > this.  Naming is not a problem.
    >>
    >> I prefer AUTH_NONE over "NULL AUTH".  Still, that doesn't convey
    >> enough intent; AUTH_DIDNTWANTTO, or something like that might say it
    >> better, but that's a mouthful, so I can live with AUTH_NONE if we
    >> can't do better.

    > AUTH_ANON ? Although I think AUTH_NONE is more in line with how we name
    > things.

I don't agree that it is anonymous.  It says that the identity was not
authenticated, it didn't say that no identity was provided.

Clearly: the identity can't be trusted and can't be used in any way.
So, given that, how does one look up acceptable TSx in the PAD?

I think that the opportunistic encryption use case given can not make any
sense without reference to the PAD.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




--=-=-=--


From nobody Wed Jun  4 14:55:15 2014
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01E4C1A024F for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 14:55:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8kcLStIA2tz4 for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 14:55:13 -0700 (PDT)
Received: from mail-wi0-x234.google.com (mail-wi0-x234.google.com [IPv6:2a00:1450:400c:c05::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2DE6A1A0309 for <ipsec@ietf.org>; Wed,  4 Jun 2014 14:55:13 -0700 (PDT)
Received: by mail-wi0-f180.google.com with SMTP id hi2so2312128wib.1 for <ipsec@ietf.org>; Wed, 04 Jun 2014 14:55:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8aBw8t+ayC6nuk9JCzAXeAYPki0qeVAVSr6fbo/oCnE=; b=LNVLP0RbX7+zaKTweMb3LwPnvv+xPLNWTUeo2cDb4H4amR4XIZIUlbe63grMM8K848 kQUW/Ltd3QGg5bxHVjgwKCugkvYMDsfT8kkJv+NZi80Id9/GcKWddcB9W15Fw0tSNxDl iMwBIWXLzJn72tGvo5wkrf8wMVKfU9z7fqlAjpubmc4b9dgWvGQ0Ue5cMv3O98ELorjg izsZFUukLtb83Iqls15hHkfGv5eQJYMsCPRHPR026qBjP7HBGhHXYxNXxfQiDAIzs/pJ 5KyaDCtr+v2y81C+rA6Qsk1ok8/VM/eacg+jHHZlMxoB/CuoYGO7LZhYBtHxNPnjiz1F k4Fg==
X-Received: by 10.180.212.77 with SMTP id ni13mr9394210wic.5.1401918905845; Wed, 04 Jun 2014 14:55:05 -0700 (PDT)
Received: from [192.168.1.102] (bzq-84-109-50-18.red.bezeqint.net. [84.109.50.18]) by mx.google.com with ESMTPSA id be3sm5345759wjc.5.2014.06.04.14.55.04 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 04 Jun 2014 14:55:05 -0700 (PDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <2862.1401912208@sandelman.ca>
Date: Thu, 5 Jun 2014 00:55:01 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <78E351CE-8058-4529-8973-72963A10536C@gmail.com>
References: <alpine.LFD.2.10.1406040952110.23900@bofh.nohats.ca> <6B4DF0DF50834023A731B29091A790F2@buildpc> <20615.1401898830@sandelman.ca> <alpine.LFD.2.10.1406041246400.23900@bofh.nohats.ca> <2862.1401912208@sandelman.ca>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/5ROkUFObKZGb1rYXUWtyr7NySFg
Cc: "ipsec@ietf.org WG" <ipsec@ietf.org>
Subject: Re: [IPsec] draft-smyslov-ipsecme-ikev2-null-auth-01
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jun 2014 21:55:15 -0000

On Jun 4, 2014, at 11:03 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:

>
> Paul Wouters <paul@nohats.ca> wrote:
>>> Valery Smyslov <svanru@gmail.com> wrote:
>>> >> Paul ps. i also still prefer AUTH_NONE over "NULL AUTH", as to
>>> >> me NULL looks more like an error while "none" conveys intent.
>>>
>>> > I remember it. However I'm still waiting for other's opinions on
>>> > this.  Naming is not a problem.
>>>
>>> I prefer AUTH_NONE over "NULL AUTH".  Still, that doesn't convey
>>> enough intent; AUTH_DIDNTWANTTO, or something like that might say it
>>> better, but that's a mouthful, so I can live with AUTH_NONE if we
>>> can't do better.
>
>> AUTH_ANON ? Although I think AUTH_NONE is more in line with how we name
>> things.
>
> I don't agree that it is anonymous.  It says that the identity was not
> authenticated, it didn't say that no identity was provided.

Section 2.2 says that “As peer identity is meaningless in this case,
Identification Data SHOULD be omited from ID Payload”([1]), and even if
sent, it MUST be ignored by IKE. So it’s really not provided.

> Clearly: the identity can't be trusted and can't be used in any way.
> So, given that, how does one look up acceptable TSx in the PAD?

That’s a good question. What prevents a random attacker from sending a
TSr covering IP address 8.8.8.8, and getting a whole bunch of DNS
queries? That’s easier than bugging the ISP or breaking the wifi password.

> I think that the opportunistic encryption use case given can not make any
> sense without reference to the PAD.

I think that’s the hard part of any opportunistic IPsec. It’s not always
better than nothing, because you might be making it easier for Eve.

Yoav

[1] sic - “omitted” should have two t's


From nobody Wed Jun  4 20:05:45 2014
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F0801A0403 for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 20:05:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.651
X-Spam-Level: 
X-Spam-Status: No, score=-2.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YBHJzEs-_Y6h for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 20:05:40 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA1AA1A0408 for <ipsec@ietf.org>; Wed,  4 Jun 2014 20:05:39 -0700 (PDT)
Received: from [193.110.157.228] (unknown [76.10.157.65]) by bofh.nohats.ca (Postfix) with ESMTPSA id E7FDC800C9; Wed,  4 Jun 2014 23:05:32 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1401937532; bh=Hh44ZqvQW3w0Slekyxeju06hSyiD/TzVU0dqyeZuuko=; h=References:In-Reply-To:Cc:From:Subject:Date:To; b=ONz/RhGVjJWYCMGu2f9l5LzPB8UvzRawxqaTqrw77XsyHIfmCXOxU9eFoj6m7wmrC pidlw+vkjwHCJY5SJu5stLNG3tkPecNWrZHlER1DRkBWNfQv7+bqdRE+0QCK/lAR9I 44p8qsNm5BLE4Q+x76oOUbdOBVRKWVGhVbNwmf8g=
References: <alpine.LFD.2.10.1406040952110.23900@bofh.nohats.ca> <6B4DF0DF50834023A731B29091A790F2@buildpc> <20615.1401898830@sandelman.ca> <alpine.LFD.2.10.1406041246400.23900@bofh.nohats.ca> <2862.1401912208@sandelman.ca>
Mime-Version: 1.0 (1.0)
In-Reply-To: <2862.1401912208@sandelman.ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <5EAE9355-B906-45BC-BB95-9C8793F69276@nohats.ca>
X-Mailer: iPhone Mail (11D201)
From: Paul <paul@nohats.ca>
Date: Wed, 4 Jun 2014 23:05:34 -0400
To: Michael Richardson <mcr+ietf@sandelman.ca>
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/a0uH8RksHkv6JJ8ClX7DyNYMr00
Cc: "ipsec@ietf.org WG" <ipsec@ietf.org>
Subject: Re: [IPsec] draft-smyslov-ipsecme-ikev2-null-auth-01
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jun 2014 03:05:41 -0000

The connections are host to host only, all ports, no gateways. You can call
it no PAD, or call this policy the PAD. I don't see a problem with mapping
auth none to this policy?

Sent from my iPhone

> On Jun 4, 2014, at 16:03, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
> Paul Wouters <paul@nohats.ca> wrote:
>>> Valery Smyslov <svanru@gmail.com> wrote:
>>> >> Paul ps. i also still prefer AUTH_NONE over "NULL AUTH", as to
>>> >> me NULL looks more like an error while "none" conveys intent.
>>>
>>> > I remember it. However I'm still waiting for other's opinions on
>>> > this.  Naming is not a problem.
>>>
>>> I prefer AUTH_NONE over "NULL AUTH".  Still, that doesn't convey
>>> enough intent; AUTH_DIDNTWANTTO, or something like that might say it
>>> better, but that's a mouthful, so I can live with AUTH_NONE if we
>>> can't do better.
>
>> AUTH_ANON ? Although I think AUTH_NONE is more in line with how we name
>> things.
>
> I don't agree that it is anonymous.  It says that the identity was not
> authenticated, it didn't say that no identity was provided.
>
> Clearly: the identity can't be trusted and can't be used in any way.
> So, given that, how does one look up acceptable TSx in the PAD?
>
> I think that the opportunistic encryption use case given can not make any
> sense without reference to the PAD.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> -= IPv6 IoT consulting =-
>


From nobody Wed Jun  4 20:12:25 2014
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99FBE1A03CF for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 20:12:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.65
X-Spam-Level: 
X-Spam-Status: No, score=-2.65 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_QP_LONG_LINE=0.001, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x-q35N4KOM-g for <ipsec@ietfa.amsl.com>; Wed,  4 Jun 2014 20:12:21 -0700 (PDT)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C2361A0180 for <ipsec@ietf.org>; Wed,  4 Jun 2014 20:12:21 -0700 (PDT)
Received: from [193.110.157.228] (unknown [76.10.157.65]) by bofh.nohats.ca (Postfix) with ESMTPSA id 67755800C9; Wed,  4 Jun 2014 23:12:14 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1401937934; bh=fLm0vn5eqRHV3EwcY/CoqHNfkGRXzbD59V3kYj3jznM=; h=References:In-Reply-To:Cc:From:Subject:Date:To; b=p+tknzPrxOEYTT2g0NA33YwGnVuZaUQcrTHVbw2YKaU8nE2WUq4DwnL8C9RJDh1Qq LBKejiPBwoFOVMVNXbX6qomP3vfuzHWj+PuukXMiNIL8l10ktE5xcEs9P+5viSccOH E4O0L7e4zPPBCC+e0aO8R37bhcFsbjPGu/CMDonM=
References: <alpine.LFD.2.10.1406040952110.23900@bofh.nohats.ca> <6B4DF0DF50834023A731B29091A790F2@buildpc> <20615.1401898830@sandelman.ca> <alpine.LFD.2.10.1406041246400.23900@bofh.nohats.ca> <2862.1401912208@sandelman.ca> <78E351CE-8058-4529-8973-72963A10536C@gmail.com>
Mime-Version: 1.0 (1.0)
In-Reply-To: <78E351CE-8058-4529-8973-72963A10536C@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Message-Id: <D521D82D-5DF8-4541-9024-E540C4FFA093@nohats.ca>
X-Mailer: iPhone Mail (11D201)
From: Paul <paul@nohats.ca>
Date: Wed, 4 Jun 2014 23:12:15 -0400
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/ivczNWL0weOPs-eow3PpKH2ql64
Cc: "ipsec@ietf.org WG" <ipsec@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>
Subject: Re: [IPsec] draft-smyslov-ipsecme-ikev2-null-auth-01
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jun 2014 03:12:22 -0000

Sent from my iPhone

> On Jun 4, 2014, at 17:55, Yoav Nir <ynir.ietf@gmail.com> wrote:
>
> Section 2.2 says that “As peer identity is meaningless in this case,
> Identification Data SHOULD be omited from ID Payload”([1]), and even if
> sent, it MUST be ignored by IKE. So it’s really not provided.

There wasn't consensus on that but I'm clearly of that opinion as well.

> That’s a good question. What prevents a random attacker from sending a
> TSr covering IP address 8.8.8.8, and getting a whole bunch of DNS
> queries? That’s easier than bugging the ISP or breaking the wifi password.

Our implementation has a global option that allows only rfc1918 and related
(eg 25/8) for NATT. We might be able to not need it with the Linux VTI hooks
and NAT, but that's still a work in progress. For the protocol work I'd say
that is all local implementation.

>> I think that the opportunistic encryption use case given can not make any
>> sense without reference to the PAD.
>
> I think that’s the hard part of any opportunistic IPsec. It’s not always
> better than nothing, because you might be making it easier for Eve.
>
> Yoav
>
> [1] sic - “omitted” should have two t's


From nobody Thu Jun  5 05:02:10 2014
Return-Path: <k.pentikousis@eict.de>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F71D1A0079; Thu,  5 Jun 2014 05:02:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.901
X-Spam-Level: 
X-Spam-Status: No, score=-2.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y30LwZc5W1GN; Thu,  5 Jun 2014 05:02:00 -0700 (PDT)
Received: from mx2.eict.de (mx2.eict.de [212.91.241.168]) by ietfa.amsl.com (Postfix) with ESMTP id AAC561A0075; Thu,  5 Jun 2014 05:01:59 -0700 (PDT)
Received: by mx2.eict.de (Postfix, from userid 481) id CC8C31FF66; Thu,  5 Jun 2014 14:01:52 +0200 (CEST)
Received: from mail.eict.de (mx1 [172.16.6.1]) by mx2.eict.de (Postfix) with ESMTP id 612451FF60; Thu,  5 Jun 2014 14:01:52 +0200 (CEST)
Received: from sbs2008.eict.local (sbs2008.intern.eict.de [192.168.2.11]) by mail.eict.de (Postfix) with ESMTP id 0C6C137825F; Thu,  5 Jun 2014 14:01:52 +0200 (CEST)
Received: from SBS2008.eict.local ([fe80::2051:ef24:c7c9:f298]) by SBS2008.eict.local ([fe80::2051:ef24:c7c9:f298%13]) with mapi; Thu, 5 Jun 2014 14:01:51 +0200
From: Kostas Pentikousis <k.pentikousis@eict.de>
To: "ippm@ietf.org" <ippm@ietf.org>, "ipsec@ietf.org" <ipsec@ietf.org>
Date: Thu, 5 Jun 2014 14:01:50 +0200
Thread-Topic: New Version Notification for draft-ietf-ippm-ipsec-03.txt
Thread-Index: Ac+AtS63VifhV2+pTsOYd53wj3hkGAAAIhVw
Message-ID: <0C7EDCF89AB9E2478B5D010026CFF4AEA10C4F1674@SBS2008.eict.local>
Accept-Language: en-US, de-DE
Content-Language: de-DE
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US, de-DE
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/_Kb_XUODNihe19zZUuzHRl6P48c
Subject: [IPsec] WG: New Version Notification for draft-ietf-ippm-ipsec-03.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jun 2014 12:02:07 -0000


From nobody Thu Jun  5 06:36:51 2014
Return-Path: <svanru@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8240D1A0159 for <ipsec@ietfa.amsl.com>; Thu,  5 Jun 2014 06:36:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.346
X-Spam-Level: 
X-Spam-Status: No, score=-0.346 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001, STOX_REPLY_TYPE=0.439, TVD_FINGER_02=1.215] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wVv3mgVIKObq for <ipsec@ietfa.amsl.com>; Thu,  5 Jun 2014 06:36:48 -0700 (PDT)
Received: from mail-la0-x236.google.com (mail-la0-x236.google.com [IPv6:2a00:1450:4010:c03::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 552DA1A0143 for <ipsec@ietf.org>; Thu,  5 Jun 2014 06:36:48 -0700 (PDT)
Received: by mail-la0-f54.google.com with SMTP id pv20so573743lab.41 for <ipsec@ietf.org>; Thu, 05 Jun 2014 06:36:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=message-id:from:to:cc:references:subject:date:mime-version :content-type:content-transfer-encoding; bh=QqKEZxCvZyBA+y2qebO1ZtP5ePOUkccdW1VZgF/MZdY=; b=DH0hUuN96awn1t5tpmpkioIzrgYflTpb1UNxjyszzCyW5ynhS2gLOjY1GVFW3J+/eg vi5oAS8YZI9f7swxr5eDCFakzQYtyFJdSiRoa6+Bl0FhuVSu06m43X9dCeblUoTV8+f1 dY6xXqHhSZwpJMdjgRSCKZXmem4e37shZkSDXRsHSTPtPc6o69DZwPKtJVOc1y4Om9Q3 kYadaeMAZDqBmWE+EOxtgA0eveld90CvUxBW53pkCW17MPbpi3kNIZa1Hh5JroIwf9o+ 6Tnqwuf2C+XKcdQrb1aLEQcy9v9h99k6oi61OzTuHdmxnT+O13VG2zOAEWGnHe6NgtHK dXgQ==
X-Received: by 10.152.4.227 with SMTP id n3mr46821077lan.16.1401975400706; Thu, 05 Jun 2014 06:36:40 -0700 (PDT)
Received: from buildpc ([93.188.44.200]) by mx.google.com with ESMTPSA id z1sm5021619lal.6.2014.06.05.06.36.39 for <multiple recipients> (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 05 Jun 2014 06:36:39 -0700 (PDT)
Message-ID: <A300E68E84B24E7CA90488750722CC9B@buildpc>
From: "Valery Smyslov" <svanru@gmail.com>
To: "Yoav Nir" <ynir.ietf@gmail.com>, "Michael Richardson" <mcr+ietf@sandelman.ca>
References: <alpine.LFD.2.10.1406040952110.23900@bofh.nohats.ca> <6B4DF0DF50834023A731B29091A790F2@buildpc> <20615.1401898830@sandelman.ca> <alpine.LFD.2.10.1406041246400.23900@bofh.nohats.ca> <2862.1401912208@sandelman.ca> <78E351CE-8058-4529-8973-72963A10536C@gmail.com>
Date: Thu, 5 Jun 2014 17:36:42 +0400
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="windows-1252"; reply-type=original
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/rpunzce4jzVOD9pVtE9HYx1yMxc
Cc: ipsec@ietf.org
Subject: Re: [IPsec] draft-smyslov-ipsecme-ikev2-null-auth-01
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jun 2014 13:36:49 -0000

Hi Yoav,

> >> AUTH_ANON ? Although I think AUTH_NONE is more in line with how we name
> >> things.
> >
> > I don't agree that it is anonymous.  It says that the identity was not
> > authenticated, it didn't say that no identity was provided.
>
> Section 2.2 says that “As peer identity is meaningless in this case,
> Identification Data SHOULD be omited from ID Payload”([1]), and even if
> sent, it MUST be ignored by IKE. So it’s really not provided.

True.

> > Clearly: the identity can't be trusted and can't be used in any way.
> > So, given that, how does one look up acceptable TSx in the PAD?
>
> That’s a good question. What prevents a random attacker from sending a
> TSr covering IP address 8.8.8.8, and getting a whole bunch of DNS
> queries? That’s easier than bugging the ISP or breaking the wifi password.

I think it depends on use case. If unauthenticated peer performs remote
access to RAS then the server will most likely assign him/her an IP address
from internal space and the situation you have described won't happen. And
if the peer didn't request the address, the server should probably reject
the connection.

> Yoav
>
> [1] sic - “omitted” should have two t's

Thanks, fixed.

Regards,
Valery.
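
The host-to-host policy discussed in this thread (an unauthenticated peer may only get selectors for the addresses actually seen on the IKE exchange, all ports), as an added example that is not part of any message above and not code from any IKE implementation. The function names, the absence of NAT and the sample addresses are assumptions made for the illustration.

```python
"""Host-to-host traffic-selector policy for unauthenticated IKEv2 peers.

Added illustration. Assumptions: no NAT between the peers (the IKE source
address is the peer's real address); names and sample addresses are
constructed for the example.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address
from typing import Optional, Tuple


@dataclass(frozen=True)
class TrafficSelector:
    """Fields of an IKEv2 traffic selector (RFC 7296, section 3.13.1)."""
    start_addr: str
    end_addr: str
    ip_proto: int = 0        # 0 means any protocol
    start_port: int = 0
    end_port: int = 65535


def narrow_to_host(ts: TrafficSelector, host: str) -> Optional[TrafficSelector]:
    """Narrow `ts` to the single address `host`.

    Returns None when the proposed range does not contain `host` at all,
    which is the case for a peer asking for somebody else's address.
    """
    h = ip_address(host)
    lo, hi = ip_address(ts.start_addr), ip_address(ts.end_addr)
    # IPv4 and IPv6 objects cannot be ordered against each other, so the
    # address family is checked before any range comparison.
    if not (lo.version == hi.version == h.version):
        return None
    if lo > hi or not (lo <= h <= hi):
        return None
    return replace(ts, start_addr=str(h), end_addr=str(h))


def decide_child_sa(
    peer_ike_addr: str,
    local_ike_addr: str,
    peer_ts: TrafficSelector,
    local_ts: TrafficSelector,
) -> Optional[Tuple[TrafficSelector, TrafficSelector]]:
    """Apply the host-to-host policy to one proposed selector pair.

    peer_ts  is the selector describing the remote side's traffic,
    local_ts is the selector describing our side's traffic.
    Returns the narrowed pair to install, or None when the request must be
    refused (an implementation would answer TS_UNACCEPTABLE).
    The peer's ID payload is deliberately not an input: nothing in the
    decision depends on an identity that was never authenticated.
    """
    narrowed_peer = narrow_to_host(peer_ts, peer_ike_addr)
    narrowed_local = narrow_to_host(local_ts, local_ike_addr)
    if narrowed_peer is None or narrowed_local is None:
        return None
    return narrowed_peer, narrowed_local


if __name__ == "__main__":
    # Constructed sample: documentation addresses for both hosts.
    PEER, LOCAL = "198.51.100.7", "203.0.113.10"
    me = TrafficSelector(LOCAL, LOCAL)
    proposals = {
        "exact host": TrafficSelector(PEER, PEER),
        "everything": TrafficSelector("0.0.0.0", "255.255.255.255"),
        "8.8.8.8 (the case raised in the thread)": TrafficSelector("8.8.8.8", "8.8.8.8"),
    }
    for label, ts in proposals.items():
        print(label, "->", decide_child_sa(PEER, LOCAL, ts, me))
```

A selector for 8.8.8.8 is refused because it does not contain the address the IKE packets came from, while an "everything" proposal is narrowed to that one host rather than installed as sent.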


From nobody Fri Jun  6 02:22:33 2014
Return-Path: <internet-drafts@ietf.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF9271A0435; Fri,  6 Jun 2014 02:22:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gh188kcv4tNz; Fri,  6 Jun 2014 02:22:28 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id DF3881A0409; Fri,  6 Jun 2014 02:22:28 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 5.4.3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140606092228.28863.84771.idtracker@ietfa.amsl.com>
Date: Fri, 06 Jun 2014 02:22:28 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/K1Fa9F8aNTlg0bt12qd1rgU8-Ig
Cc: ipsec@ietf.org
Subject: [IPsec] I-D Action: draft-kivinen-ipsecme-ikev2-rfc5996bis-04.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jun 2014 09:22:30 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF.

        Title           : Internet Key Exchange Protocol Version 2 (IKEv2)
        Authors         : Charlie Kaufman
                          Paul Hoffman
                          Yoav Nir
                          Pasi Eronen
                          Tero Kivinen
        Filename        : draft-kivinen-ipsecme-ikev2-rfc5996bis-04.txt
        Pages           : 139
        Date            : 2014-06-06

Abstract:
   This document describes version 2 of the Internet Key Exchange (IKE)
   protocol.  IKE is a component of IPsec used for performing mutual
   authentication and establishing and maintaining Security Associations
   (SAs).  This document obsoletes RFC 5996, and includes all of the
   errata for it.  It advances IKEv2 to be an Internet Standard.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-kivinen-ipsecme-ikev2-rfc5996bis-04

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-kivinen-ipsecme-ikev2-rfc5996bis-04


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From chintuofkpt@gmail.com  Fri Jun  6 04:06:09 2014
Return-Path: <chintuofkpt@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0734C1A042B for <ipsec@ietfa.amsl.com>; Fri,  6 Jun 2014 04:06:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.599
X-Spam-Level: 
X-Spam-Status: No, score=-0.599 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WXRqmkq5tC1O for <ipsec@ietfa.amsl.com>; Fri,  6 Jun 2014 04:06:07 -0700 (PDT)
Received: from mail-ig0-x241.google.com (mail-ig0-x241.google.com [IPv6:2607:f8b0:4001:c05::241]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A869B1A0429 for <ipsec@ietf.org>; Fri,  6 Jun 2014 04:06:07 -0700 (PDT)
Received: by mail-ig0-f193.google.com with SMTP id uq10so180131igb.0 for <ipsec@ietf.org>; Fri, 06 Jun 2014 04:06:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:date:message-id:subject:from:to:content-type; bh=4mPkMDcnB5X9IjpaNaKJdSReyCzUS88nNnymYgd13dw=; b=FRlh0keBrZja7oMbSjiUJakjDGhw3XEOpRm2voLPi1kF0M+prcLcbnvl+i72GqHWT/ rVxLRadMjs3HHRwPB98oL0xaZK+a+VMy359z5FM1Gb/PqJxTG5SPJRBJ3MJUTuhSm9Lm xqkQ18lsko7sXwCNftQQA4N5Y8/deI7r5IHXPfgzkl9Bc0anRVwi3tWORNO6IPc4iSRk WZhpYrv0Kp3XVsy9+N8Qy0hlLQRsgY2pGKYIb0b0IOP0rtn4FfuovPK2jV6kKgNj2g0p rgoBAHP5tOnZErOmWjfTR3FM6oNa87iepvzvYcXhPxqzSul80UH8tQzQwc/vo6itPeZW rmfg==
MIME-Version: 1.0
X-Received: by 10.50.131.132 with SMTP id om4mr4775320igb.14.1402052760846; Fri, 06 Jun 2014 04:06:00 -0700 (PDT)
Received: by 10.64.20.111 with HTTP; Fri, 6 Jun 2014 04:06:00 -0700 (PDT)
Date: Fri, 6 Jun 2014 16:36:00 +0530
Message-ID: <CAFbuYbm3=4J5qihmy+eyTpiiStERwrHD1Mjf2JEE8S-cUS1OuA@mail.gmail.com>
From: Chintu Aggarwal <chintuofkpt@gmail.com>
To: ipsec@lists.tislabs.com, usagi-users@linux-ipv6.org, ipsec@ietf.org
Content-Type: multipart/alternative; boundary=047d7b343d5ac4468304fb28d880
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/vzw_vecfLHl9TAFCJcInSa8WQXU
Subject: [IPsec] Query on PF_KEY vs. Netlink interface
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jun 2014 11:07:10 -0000

--047d7b343d5ac4468304fb28d880
Content-Type: text/plain; charset=UTF-8

Hi

There was this query as below posted sometime back, but I couldn't find the
response to it. Can someone please provide the details?

Thanks,
Chintu

-----------------------------------------------------------------------------------------------------------------------

In net/key/af_key.c, there is something about PF_KEY as follows:
static struct xfrm_mgr pfkeyv2_mgr =
{
        .id             = "pfkeyv2",
        .notify         = pfkey_send_notify,
        .acquire        = pfkey_send_acquire,
        .compile_policy = pfkey_compile_policy,
        .new_mapping    = pfkey_send_new_mapping,
};


In net/xfrm/xfrm_user.c, there is also something about Netlink as follows:
static struct xfrm_mgr netlink_mgr = {
        .id             = "netlink",
        .notify         = xfrm_send_state_notify,
        .acquire        = xfrm_send_acquire,
        .compile_policy = xfrm_compile_policy,
        .notify_policy  = xfrm_send_policy_notify,
};

When the kernel sends a message to racoon for setting up an SA, both
pfkey_send_acquire() and xfrm_send_acquire() seem to be getting invoked.

My query is what is the relationship between PF_KEY and Netlink in Linux
kernel, when we use IPsec?

--047d7b343d5ac4468304fb28d880--
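
The observation in the query above (both pfkey_send_acquire() and xfrm_send_acquire() run for one acquire) matches how the XFRM core keeps a list of registered key managers and calls each one's .acquire in turn. The following is an added user-space model, not kernel code and not part of the original message; struct km, model_send_acquire(), run_acquire() and the listener counters are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for the kernel's struct xfrm_mgr (model only). */
struct km {
    const char *id;
    int (*acquire)(struct km *self);
    int listeners;   /* assumption: user-space sockets open on this interface */
    int calls;       /* how many times .acquire was invoked */
    int delivered;   /* how many times a listener actually got the message */
    struct km *next;
};

static struct km *km_list;   /* all registered key managers */

static void km_register(struct km *km)
{
    km->next = km_list;
    km_list = km;
}

/* Shared body for both model callbacks: fail when nobody is listening. */
static int model_send_acquire(struct km *self)
{
    self->calls++;
    if (self->listeners == 0)
        return -ESRCH;
    self->delivered++;
    return 0;
}

static struct km pfkeyv2_mgr = { .id = "pfkeyv2", .acquire = model_send_acquire };
static struct km netlink_mgr = { .id = "netlink", .acquire = model_send_acquire };

/* Ask every registered manager; succeed if at least one delivered. */
static int km_query(void)
{
    struct km *km;
    int err = -EINVAL;

    for (km = km_list; km != NULL; km = km->next)
        if (km->acquire(km) == 0)
            err = 0;
    return err;
}

/* Reset the model, register both managers and trigger one acquire. */
int run_acquire(int pfkey_listeners, int netlink_listeners)
{
    km_list = NULL;
    pfkeyv2_mgr.listeners = pfkey_listeners;
    netlink_mgr.listeners = netlink_listeners;
    pfkeyv2_mgr.calls = pfkeyv2_mgr.delivered = 0;
    netlink_mgr.calls = netlink_mgr.delivered = 0;
    km_register(&pfkeyv2_mgr);
    km_register(&netlink_mgr);
    return km_query();
}

int main(void)
{
    /* Constructed scenario: a PF_KEY daemon (such as racoon) is the only listener. */
    int rc = run_acquire(1, 0);

    printf("km_query=%d\n", rc);
    printf("%s: calls=%d delivered=%d\n", pfkeyv2_mgr.id,
           pfkeyv2_mgr.calls, pfkeyv2_mgr.delivered);
    printf("%s: calls=%d delivered=%d\n", netlink_mgr.id,
           netlink_mgr.calls, netlink_mgr.delivered);
    return 0;
}
```

In this model PF_KEY and Netlink are two front ends registered with the same core: both callbacks are always invoked, and only the interface a daemon is listening on delivers the message.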


From nobody Fri Jun  6 06:24:13 2014
Return-Path: <internet-drafts@ietf.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D8F81A00D7; Fri,  6 Jun 2014 06:24:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3y1uE-RZEsyk; Fri,  6 Jun 2014 06:24:08 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5702B1A007F; Fri,  6 Jun 2014 06:24:08 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 5.4.3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140606132408.2232.30503.idtracker@ietfa.amsl.com>
Date: Fri, 06 Jun 2014 06:24:08 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/K3exaTmWVelxX6TeXFRaNsf7CTA
Cc: ipsec@ietf.org
Subject: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-fragmentation-09.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jun 2014 13:24:09 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF.

        Title           : IKEv2 Fragmentation
        Author          : Valery Smyslov
	Filename        : draft-ietf-ipsecme-ikev2-fragmentation-09.txt
	Pages           : 25
	Date            : 2014-06-06

Abstract:
   This document describes the way to avoid IP fragmentation of large
   IKEv2 messages.  This allows IKEv2 messages to traverse network
   devices that do not allow IP fragments to pass through.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-fragmentation/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-ipsecme-ikev2-fragmentation-09

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-ikev2-fragmentation-09



From nobody Mon Jun  9 07:31:55 2014
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C69131A01A0; Mon,  9 Jun 2014 07:31:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wMdRwmJEqRuV; Mon,  9 Jun 2014 07:31:49 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DC401A01BD; Mon,  9 Jun 2014 07:31:47 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 5.4.3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140609143147.15306.43883.idtracker@ietfa.amsl.com>
Date: Mon, 09 Jun 2014 07:31:47 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/AQY2wYgBxd73_IciAXCR15gGc1U
Cc: ipsecme mailing list <ipsec@ietf.org>, ipsecme chair <ipsecme-chairs@tools.ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
Subject: [IPsec] Protocol Action: 'Internet Key Exchange Protocol Version 2 (IKEv2)' to Internet Standard (draft-kivinen-ipsecme-ikev2-rfc5996bis-04.txt)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jun 2014 14:31:51 -0000

The IESG has approved the following document:
- 'Internet Key Exchange Protocol Version 2 (IKEv2)'
  (draft-kivinen-ipsecme-ikev2-rfc5996bis-04.txt) as Internet Standard

This document is the product of the IP Security Maintenance and
Extensions Working Group.

The IESG contact persons are Kathleen Moriarty and Stephen Farrell.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/





Technical Summary

   This document replaces and updates RFC 5996 (IKEv2), and includes all of the errata for it,
   and it is intended to update IKEv2 to be Internet Standard. It was meant to be part of an
   effort to move IKEv2 to Full Standard, but that effort flagged; still, the draft has useful
   clarifications.

Working Group Summary

   The WG discussion of the document was scant, but with enough review to make it acceptable.
   There were no objections to adoption.

Document Quality

   Are there existing implementations of the protocol?  Have a 
   significant number of vendors indicated their plan to
   implement the specification?
   Yes, there are implementations.  None of the recommendations in this update are radical,
   but are trying to progress the current state of security for IPsec, motivating implementers
   to make the recommended updates.  The WG has not heard
   from many implementers.  They do know that several plan to update according to this draft 
   including an OEM provider and a vendor that has implementations.  

   Here is a diff from RFC5996:
   http://tools.ietf.org/rfcdiff?url1=rfc5996&url2=draft-kivinen-ipsecme-ikev2-rfc5996bis-03.txt

Personnel

    Paul Hoffman (IPsecME WG co-chair) is the document shepherd and Kathleen Moriarty is the
    responsible AD.


From nobody Mon Jun  9 22:15:24 2014
Return-Path: <internet-drafts@ietf.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 715CA1A03D6; Mon,  9 Jun 2014 22:15:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GfkR7z40tlVJ; Mon,  9 Jun 2014 22:15:19 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 409631A03C7; Mon,  9 Jun 2014 22:15:19 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 5.5.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20140610051519.18368.29432.idtracker@ietfa.amsl.com>
Date: Mon, 09 Jun 2014 22:15:19 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/afiMH1iXeMDDv_H46JWW2QSZ18M
Cc: ipsec@ietf.org
Subject: [IPsec] I-D Action: draft-ietf-ipsecme-ikev2-fragmentation-10.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jun 2014 05:15:20 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF.

        Title           : IKEv2 Fragmentation
        Author          : Valery Smyslov
	Filename        : draft-ietf-ipsecme-ikev2-fragmentation-10.txt
	Pages           : 26
	Date            : 2014-06-09

Abstract:
   This document describes the way to avoid IP fragmentation of large
   IKEv2 messages.  This allows IKEv2 messages to traverse network
   devices that do not allow IP fragments to pass through.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-fragmentation/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-ipsecme-ikev2-fragmentation-10

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-ikev2-fragmentation-10



From nobody Tue Jun 10 16:12:08 2014
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6AF21A0359 for <ipsec@ietfa.amsl.com>; Tue, 10 Jun 2014 16:12:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level: 
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xurR_1_1Rfw0 for <ipsec@ietfa.amsl.com>; Tue, 10 Jun 2014 16:12:06 -0700 (PDT)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC1451A0109 for <ipsec@ietf.org>; Tue, 10 Jun 2014 16:12:05 -0700 (PDT)
Received: from [10.20.30.90] (50-1-51-90.dsl.dynamic.fusionbroadband.com [50.1.51.90]) (authenticated bits=0) by hoffman.proper.com (8.14.8/8.14.7) with ESMTP id s5ANC3Cq009179 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <ipsec@ietf.org>; Tue, 10 Jun 2014 16:12:04 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 50-1-51-90.dsl.dynamic.fusionbroadband.com [50.1.51.90] claimed to be [10.20.30.90]
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <4A22392D-264E-421E-9508-E6F0E38056FA@vpnc.org>
Date: Tue, 10 Jun 2014 16:12:01 -0700
To: IPsec ME WG List <ipsec@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/2ZF7mfG_UH-BAS0sIvo-tyOgEro
Subject: [IPsec] Important: One-week WG review of newest draft-ietf-ipsecme-ikev2-fragmentation
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jun 2014 23:12:06 -0000

Greetings again. The IESG had a lot of questions and concerns about
draft-ietf-ipsecme-ikev2-fragmentation during their review. Valery made
a large number of changes to the text to help clarify the language,
particularly around PMTU. The current draft and all the IESG comments
can be found at:

https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-fragmentation/

Before we take Valery's changes back to the IESG, we want to be sure
that the WG agrees on all the text and, if not, makes more
clarifications. Please send any comments to the list by Tuesday, June
17.

--Paul Hoffman


From nobody Mon Jun 16 13:41:40 2014
Return-Path: <steve.baillargeon@ericsson.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 920531A01F7 for <ipsec@ietfa.amsl.com>; Mon, 16 Jun 2014 13:41:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TEviwkSrJLa9 for <ipsec@ietfa.amsl.com>; Mon, 16 Jun 2014 13:41:27 -0700 (PDT)
Received: from usevmg20.ericsson.net (usevmg20.ericsson.net [198.24.6.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97A7A1A01EB for <ipsec@ietf.org>; Mon, 16 Jun 2014 13:41:27 -0700 (PDT)
X-AuditID: c618062d-f79be6d000006b89-fa-539f05594a8a
Received: from EUSAAHC007.ericsson.se (Unknown_Domain [147.117.188.93]) by usevmg20.ericsson.net (Symantec Mail Security) with SMTP id 81.92.27529.9550F935; Mon, 16 Jun 2014 16:55:22 +0200 (CEST)
Received: from EUSAAMB105.ericsson.se ([147.117.188.122]) by EUSAAHC007.ericsson.se ([147.117.188.93]) with mapi id 14.03.0174.001; Mon, 16 Jun 2014 16:41:17 -0400
From: Steve Baillargeon <steve.baillargeon@ericsson.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Thread-Topic: [ipsec] TS Negotiation and Static Route Install
Thread-Index: Ac+JoxrtxRC8uuOARWy3rKaQAnJiqg==
Date: Mon, 16 Jun 2014 20:41:16 +0000
Message-ID: <DCF22B50497F7641B6DDD16ECC516F7F3F0A79E5@eusaamb105.ericsson.se>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [147.117.188.9]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrILMWRmVeSWpSXmKPExsUyuXRPrG4U6/xgg7kXmCz2b3nB5sDosWTJ T6YAxigum5TUnMyy1CJ9uwSujJlrowomslWcfPuaqYHxB0sXIyeHhICJxIT316FsMYkL99az dTFycQgJHGWUuHn8FjOEs5xR4v7ct2BVbAIWEuvnLmMGsUUEVCVOLZvOCmILA8UfnP/BBhG3 lTjaPxvI5gCy9STONSaBhFmAyneevcEIYvMK+Ep07T4G1sooICux++x1JhCbWUBc4taT+UwQ BwlILNlznhnCFpV4+fgfK4StKLGvfzo7RL2OxILdn9ggbG2JZQtfM0PMF5Q4OfMJywRG4VlI xs5C0jILScssJC0LGFlWMXKUFqeW5aYbGWxiBIbxMQk23R2Me15aHmIU4GBU4uFN+DEvWIg1 say4MvcQozQHi5I476xaoJBAemJJanZqakFqUXxRaU5q8SFGJg5OqQZGdXFvpd+P17S8tF7G 1XT3vpbGIvnLoblNnYe/H9tqs25jhJW9kOaqe1YCwv2Gpp4HZlpd2S0Rv//0ua8/NYyE5d99 7Lj6b/LLu68Ui9Pjfd3mCW2KfVTALbepUO5/3vm1Hwoe39wukb2P+Z1ga5HkdDVeD5Y20Wa5 yzVTa/vdC2frbrGQubVEiaU4I9FQi7moOBEAHJtqyEQCAAA=
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/HCqCrkEeXrmCdt_5zbmgnpZlg8c
Subject: [IPsec] [ipsec] TS Negotiation and Static Route Install
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Jun 2014 20:41:31 -0000

Hi
I have a couple of questions/comments about IKEv2 bis:

- in the section 2.9 on Traffic Selector Negotiation, I think it will be
  good to have a few sentences about the relation (or lack of) between
  traffic selector and static routing especially when dealing with AH/ESP
  tunnel mode. As far as I know many implementers will automatically add a
  static route after the traffic selectors are negotiated.

- how should the initiator behave if the responder did not return valid
  TSi and TSr during Child SA establishment? For instance, the responder
  has a "bug" and returns a TSr that is not within the original requested
  TSr. Should the initiator send an INFORMATIONAL request with error
  notification TS_UNACCEPTABLE to the responder?


Regards
Steve
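
One way an initiator can detect the case raised in the second question, a returned TSi or TSr that is not within what it proposed, is a containment check on each returned selector before the Child SA (or any route derived from it) is installed. This is an added example, not part of the original message and not taken from any implementation; struct ts4, ts_check_narrowing() and the sample selectors are hypothetical, IPv4 only, with values in host byte order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* One IPv4 traffic selector (hypothetical in-memory form). */
struct ts4 {
    uint8_t  proto;              /* IP protocol ID, 0 means any */
    uint16_t port_lo, port_hi;   /* start 65535 with end 0 means OPAQUE */
    uint32_t addr_lo, addr_hi;
};

enum ts_verdict { TS_OK, TS_EMPTY, TS_MALFORMED, TS_WIDENED };

static int ts_opaque(const struct ts4 *t)
{
    return t->port_lo == 65535 && t->port_hi == 0;
}

static int ts_well_formed(const struct ts4 *t)
{
    return t->addr_lo <= t->addr_hi &&
           (ts_opaque(t) || t->port_lo <= t->port_hi);
}

/* 1 if everything matched by `got` is also matched by `want`. */
static int ts_contains(const struct ts4 *want, const struct ts4 *got)
{
    if (want->proto != 0 && want->proto != got->proto)
        return 0;
    if (got->addr_lo < want->addr_lo || got->addr_hi > want->addr_hi)
        return 0;
    if (ts_opaque(want) || ts_opaque(got))
        return ts_opaque(want) && ts_opaque(got);
    return got->port_lo >= want->port_lo && got->port_hi <= want->port_hi;
}

/*
 * Every returned selector must sit inside at least one proposed selector.
 * Simplification: a returned range that is covered only by the union of
 * two proposed selectors is reported as TS_WIDENED.
 */
enum ts_verdict ts_check_narrowing(const struct ts4 *proposed, size_t n_prop,
                                   const struct ts4 *returned, size_t n_ret)
{
    size_t i, j;

    if (n_ret == 0)
        return TS_EMPTY;
    for (i = 0; i < n_ret; i++) {
        int found = 0;

        if (!ts_well_formed(&returned[i]))
            return TS_MALFORMED;
        for (j = 0; j < n_prop && !found; j++)
            found = ts_contains(&proposed[j], &returned[i]);
        if (!found)
            return TS_WIDENED;
    }
    return TS_OK;
}

/* Constructed sample selectors, not taken from any real exchange. */
static const struct ts4 sample_proposed[] = {
    { 0, 0, 65535, IP4(10, 0, 0, 0), IP4(10, 0, 255, 255) },
};
static const struct ts4 sample_narrowed[] = {
    { 6, 443, 443, IP4(10, 0, 1, 0), IP4(10, 0, 1, 255) },
};
static const struct ts4 sample_widened[] = {
    { 0, 0, 65535, IP4(10, 0, 0, 0), IP4(10, 1, 0, 255) },
};
static const struct ts4 sample_inverted[] = {
    { 0, 0, 65535, IP4(10, 0, 2, 0), IP4(10, 0, 1, 0) },
};

int main(void)
{
    printf("narrowed: %d\n", ts_check_narrowing(sample_proposed, 1, sample_narrowed, 1));
    printf("widened:  %d\n", ts_check_narrowing(sample_proposed, 1, sample_widened, 1));
    printf("inverted: %d\n", ts_check_narrowing(sample_proposed, 1, sample_inverted, 1));
    return 0;
}
```

The same function serves TSi and TSr; running it before deriving a static route from the negotiated selectors keeps a peer from steering traffic for addresses the initiator never offered.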


From nobody Tue Jun 17 21:03:45 2014
Return-Path: <vijay.kn@huawei.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81F671A021A for <ipsec@ietfa.amsl.com>; Tue, 17 Jun 2014 21:03:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.351
X-Spam-Level: 
X-Spam-Status: No, score=-1.351 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DS-PqxttyG-P for <ipsec@ietfa.amsl.com>; Tue, 17 Jun 2014 21:03:41 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6940C1A0219 for <ipsec@ietf.org>; Tue, 17 Jun 2014 21:03:40 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml402-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BIN86814; Wed, 18 Jun 2014 04:03:39 +0000 (GMT)
Received: from SZXEML462-HUB.china.huawei.com (10.82.67.205) by lhreml402-hub.china.huawei.com (10.201.5.241) with Microsoft SMTP Server (TLS) id 14.3.158.1; Wed, 18 Jun 2014 05:03:38 +0100
Received: from SZXEML513-MBX.china.huawei.com ([169.254.7.65]) by szxeml462-hub.china.huawei.com ([10.82.67.205]) with mapi id 14.03.0158.001; Wed, 18 Jun 2014 12:03:25 +0800
From: vijay kn <vijay.kn@huawei.com>
To: "Zengxin (Ryan)" <ryan.zengxin@huawei.com>, "ipsec@ietf.org" <ipsec@ietf.org>, "vijay@wichorus.com" <vijay@wichorus.com>, "kilian.weniger@googlemail.com" <kilian.weniger@googlemail.com>
Thread-Topic: =?gb2312?B?aGVsbG8scGxzIGhlbHAgdXMgY2xhcmlmeSB3aGF0IHNlcnZlciB3aWxsIGRv?= =?gb2312?B?o6xhY2NvcmRpbmcgUkZDNTY4NSBpZiByZWRpcmVjdCB0aW1lcyBtb3JlIHRo?= =?gb2312?B?YW4gTUFYX1JFRElSRUNUU6Os?=
Thread-Index: Ac+KqE5fn1Ih/2jrQOuULOUdfIlm3QAARieQ
Date: Wed, 18 Jun 2014 04:03:24 +0000
Message-ID: <AD5AD8B0B070044BAD3C37D7057F37E153FF2A4D@szxeml513-mbx.china.huawei.com>
References: <6AA0F3C0EAC9474B84354D7C4BFF7A4B52DBA192@SZXEMA512-MBS.china.huawei.com>
In-Reply-To: <6AA0F3C0EAC9474B84354D7C4BFF7A4B52DBA192@SZXEMA512-MBS.china.huawei.com>
Accept-Language: en-US, zh-CN
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [10.18.146.58]
Content-Type: multipart/related; boundary="_004_AD5AD8B0B070044BAD3C37D7057F37E153FF2A4Dszxeml513mbxchi_"; type="multipart/alternative"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/5IMyl_cY_5nGK8pmkojGLloC2kE
Cc: "Fangongbin \(Allan\)" <allan.fan@huawei.com>, dharmanandana pothulam <dharmanandana.pothulam@huawei.com>, Shenwenbin <shenwenbin7@huawei.com>, "Liujun \(Leo, FW-IPSec\)" <a.liujun@huawei.com>, "00902833@notesmail.huawei.com" <00902833@notesmail.huawei.com>
Subject: Re: [IPsec] =?gb2312?b?aGVsbG8scGxzIGhlbHAgdXMgY2xhcmlmeSB3aGF0IHNl?= =?gb2312?b?cnZlciB3aWxsIGRvo6xhY2NvcmRpbmcgUkZDNTY4NSBpZiByZWRpcmVjdCB0?= =?gb2312?b?aW1lcyBtb3JlIHRoYW4gTUFYX1JFRElSRUNUU6Os?=
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jun 2014 04:03:43 -0000

--_004_AD5AD8B0B070044BAD3C37D7057F37E153FF2A4Dszxeml513mbxchi_
Content-Type: multipart/alternative;
	boundary="_000_AD5AD8B0B070044BAD3C37D7057F37E153FF2A4Dszxeml513mbxchi_"

--_000_AD5AD8B0B070044BAD3C37D7057F37E153FF2A4Dszxeml513mbxchi_
Content-Type: text/html; charset="gb2312"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dgb2312">
<meta name=3D"Generator" content=3D"Microsoft Word 12 (filtered medium)">
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple" style=3D"text-justify-t=
rim:punctuation">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;color:#1F497D">Dear =
Zengxin,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;color:#1F497D"><o:p>=
&nbsp;</o:p></span></p>
<p class=3D"MsoNormal" style=3D"text-indent:.5in"><span style=3D"font-size:=
11.0pt;color:#1F497D">&nbsp;&nbsp;&nbsp;&nbsp; In your case if the client i=
s continuously getting redirected by original SeGW or the other gateways of=
 the gateway pool, then it is better to configure a backup
 SeGW pool on the base station.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;color:#1F497D">I mea=
n if the below abnormal case is met then the base station should have the i=
ntelligence to sense the LOOP and should have a fallback approach in connec=
ting to a backup SeGW which will definitely
 establish tunnel with the base station.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;color:#1F497D">Later=
 the client can connect back with the =A1=B0Master SeGW/intended SeGW by us=
ing appropriate retry with original-SeGW=A1=B1 and gracefully delete the tu=
nnel with the Slave SeGW.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;color:#1F497D"><o:p>=
&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;color:#1F497D">This =
leads to a scenario of REDIRECT and Master-SLAVE gateway feature co-existen=
ce at the base station.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;color:#1F497D"><o:p>=
&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><b><span style=3D"font-size:11.0pt;color:#1F497D">NO=
TE: -<o:p></o:p></span></b></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;color:#1F497D">The b=
elow scenario is a very rare scenario that can happen.<o:p></o:p></span></p=
>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;color:#1F497D"><o:p>=
&nbsp;</o:p></span></p>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><b><span st=
yle=3D"font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sans-serif&quo=
t;">From:</span></b><span style=3D"font-size:10.0pt;font-family:&quot;Tahom=
a&quot;,&quot;sans-serif&quot;"> Zengxin (Ryan)
<br>
<b>Sent:</b> Wednesday, June 18, 2014 9:20 AM<br>
<b>To:</b> ipsec@ietf.org; vijay@wichorus.com; kilian.weniger@googlemail.co=
m<br>
<b>Cc:</b> Shenwenbin; dharmanandana pothulam; 00902833@notesmail.huawei.co=
m; Fangongbin (Allan); vijay kn; Liujun (Leo, FW-IPSec)<br>
<b>Subject:</b> hello,pls help us clarify what server will do</span><span l=
ang=3D"ZH-CN" style=3D"font-size:10.0pt;font-family:=CB=CE=CC=E5">=A3=AC</s=
pan><span style=3D"font-size:10.0pt;font-family:&quot;Tahoma&quot;,&quot;sa=
ns-serif&quot;">according RFC5685 if redirect times more than MAX_REDIRECTS=
</span><span lang=3D"ZH-CN" style=3D"font-size:10.0pt;font-family:=CB=CE=CC=
=E5">=A3=AC</span><span style=3D"font-size:10.0pt;font-family:&quot;Tahoma&=
quot;,&quot;sans-serif&quot;"><o:p></o:p></span></p>
</div>
</div>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><o:p>&nbsp;=
</o:p></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot=
;;color:black">Dear Vijay Devarapalli &amp; Kilian Weniger:<o:p></o:p></spa=
n></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot=
;;color:black">&nbsp;&nbsp;&nbsp; We are from Huawei, now implementing IKEv=
2 Redirect Feature&nbsp; according to RFC5685. But in some abnormal case,
 can u explain more about what action next.<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot=
;;color:black"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><b><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&q=
uot;;color:#000032">RFC5685
<o:p></o:p></span></b></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><b><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&q=
uot;;color:#000032">7.&nbsp; Handling Redirect Loops</span></b><span style=
=3D"font-size:10.0pt;font-family:&quot;Courier New&quot;;color:black"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot=
;;color:black"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot=
;;color:black">&nbsp;&nbsp; The client could end up getting redirected mult=
iple times in a<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot=
;;color:black">&nbsp;&nbsp; sequence, either because of a wrong configurati=
on or a DoS attack.<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot=
;;color:black">&nbsp;&nbsp; The client could even end up in a loop with two=
 or more gateways<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot=
;;color:black">&nbsp;&nbsp; redirecting the client to each other.&nbsp; Thi=
s could deny service to the<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot=
;;color:black">&nbsp;&nbsp; client.&nbsp; To prevent this, the client SHOUL=
D be configured to not<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot=
;;color:black">&nbsp;&nbsp; accept more than a certain number of redirects =
(MAX_REDIRECTS) within<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot=
;;color:black">&nbsp;&nbsp; a short time period (REDIRECT_LOOP_DETECT_PERIO=
D) for a particular<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:&quot;Co=
urier New&quot;;color:black">&nbsp;&nbsp; IKEv2 SA setup.<o:p></o:p></span>=
</p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-indent:=
5.25pt;text-autospace:none">
&nbsp;&nbsp; <o:p></o:p></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-indent:=
5.25pt;text-autospace:none">
<o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-indent:=
15.75pt;text-autospace:none">
if redirect time is more than <span style=3D"font-size:10.0pt;font-family:&=
quot;Courier New&quot;;color:black">
MAX_REDIRECTS(define for </span><b><span style=3D"font-size:10.0pt;font-fam=
ily:&quot;Courier New&quot;;color:#000032">Handling Redirect Loops</span></=
b><span style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot;;color=
:black">)</span>, we don=A1=AFt know what the action the server
 will do , to make sure our negotiate can be succeed.<o:p></o:p></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<span style=3D"font-size:10.0pt;font-family:=CB=CE=CC=E5;color:black">(1) A=
fter client ignore the redirect payload sent from A-GW(a selected GW), if c=
lient continue to negotiates with A-GW, A-GW maybe still send redirect payl=
oad to client.<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:=CB=CE=CC=E5;color:bla=
ck">&nbsp;&nbsp;&nbsp; At this time, client will ignore the payload again a=
nd repeat the steps mentioned before. So the negotiation will
 have no chance to be success.<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:=CB=CE=CC=E5;color:bla=
ck">&nbsp;&nbsp;
<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span style=3D"font-size:10.0pt;font-family:=CB=CE=CC=E5;color:bla=
ck">&nbsp;&nbsp; (2) After client ignore the redirect payload sent from A-G=
W(a selected GW), if client negotiates with the initial GW,
 which maybe also send redirect payload as the step (1)<o:p></o:p></span></=
p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:=CB=CE=
=CC=E5;color:black">&nbsp;&nbsp;&nbsp; So same as (1), we can't make sure w=
hether the negotiation will be success or not</span><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><span style=
=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;c=
olor:black">Best Regards,<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><span style=
=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;c=
olor:black"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><span style=
=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;c=
olor:black">Cyber Security Solutions Design Dept<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><span style=
=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;c=
olor:black">Zeng Xin</span><span style=3D"font-size:12.0pt;font-family:=CB=
=CE=CC=E5"><o:p></o:p></span></p>
<div class=3D"MsoNormal" align=3D"center" style=3D"text-align:center"><span=
 style=3D"font-size:12.0pt;font-family:=CB=CE=CC=E5">
<hr size=3D"2" width=3D"100%" align=3D"center">
</span></div>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;line-height:=
12.0pt"><span style=3D"font-size:10.0pt;font-family:&quot;STXihei&quot;,&qu=
ot;serif&quot;;color:black"><img width=3D"102" height=3D"32" id=3D"=CD=BC=
=C6=AC_x0020_28" src=3D"cid:image001.png@01CF8AD7.F8CB2BA0" alt=3D"cid:imag=
e001.png@01CF8AD5.BF5DDAE0"><br>
Huawei Technologies Co., Ltd.<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;line-height:=
12.0pt"><span style=3D"font-size:10.0pt;font-family:&quot;STXihei&quot;,&qu=
ot;serif&quot;;color:black">P</span><span style=3D"font-size:9.0pt;font-fam=
ily:&quot;STXihei&quot;,&quot;serif&quot;;color:black">hone:
</span><span style=3D"font-size:9.0pt;font-family:&quot;STXihei&quot;,&quot=
;serif&quot;">86-21-38900743<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;line-height:=
12.0pt"><span style=3D"font-size:9.0pt;font-family:&quot;STXihei&quot;,&quo=
t;serif&quot;;color:black">Mobile: 15900686919<br>
</span><span style=3D"font-size:10.0pt;font-family:&quot;STXihei&quot;,&quo=
t;serif&quot;;color:black">Email:
</span><a href=3D"mailto:ryan.zengxin@huawei.com"><span style=3D"font-size:=
10.0pt;font-family:&quot;STXihei&quot;,&quot;serif&quot;">ryan.zengxin@huaw=
ei.com</span></a><span style=3D"font-size:10.0pt;font-family:&quot;STXihei&=
quot;,&quot;serif&quot;;color:black">
<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><span style=
=3D"font-size:10.0pt;font-family:&quot;STXihei&quot;,&quot;serif&quot;;colo=
r:black">No.2222, Xinjinqiao Rd., Pudong District,Shanghai 201206, P.R.Chin=
a<br>
</span><a href=3D"http://www.huawei.com/"><span style=3D"font-size:10.0pt;f=
ont-family:&quot;STXihei&quot;,&quot;serif&quot;">http://www.huawei.com</sp=
an></a><span style=3D"font-size:12.0pt;font-family:=CB=CE=CC=E5">
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_AD5AD8B0B070044BAD3C37D7057F37E153FF2A4Dszxeml513mbxchi_--

--_004_AD5AD8B0B070044BAD3C37D7057F37E153FF2A4Dszxeml513mbxchi_
Content-Type: image/png; name="image001.png"
Content-Description: image001.png
Content-Disposition: inline; filename="image001.png"; size=4883;
	creation-date="Wed, 18 Jun 2014 04:03:23 GMT";
	modification-date="Wed, 18 Jun 2014 04:03:23 GMT"
Content-ID: <image001.png@01CF8AD7.F8CB2BA0>
Content-Transfer-Encoding: base64


--_004_AD5AD8B0B070044BAD3C37D7057F37E153FF2A4Dszxeml513mbxchi_--
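
The client behaviour discussed in this thread (the RFC 5685 section 7 limit on accepted redirects, plus the suggested fallback to a backup SeGW pool and later return to the master SeGW), as an added example that is not part of either message and is not any vendor's code. The class `RedirectGuard`, the numeric defaults, the gateway names and the early cycle check (which goes beyond the count-based rule quoted from the RFC) are assumptions.

```python
from collections import deque

# Assumed defaults: RFC 5685 names these parameters but leaves the values to configuration.
MAX_REDIRECTS = 3
REDIRECT_LOOP_DETECT_PERIOD = 300.0   # seconds
PRIMARY_RETRY_INTERVAL = 3600.0       # hypothetical: wait before retrying the master SeGW


class RedirectGuard:
    """Per IKEv2 SA setup: decide whether to follow a REDIRECT or fall back."""

    def __init__(self, primary, backup_pool, max_redirects=MAX_REDIRECTS,
                 period=REDIRECT_LOOP_DETECT_PERIOD,
                 retry_interval=PRIMARY_RETRY_INTERVAL):
        self.primary = primary
        self.backup_pool = list(backup_pool)
        self.max_redirects = max_redirects
        self.period = period
        self.retry_interval = retry_interval
        self._accepted = deque()       # (time, gateway that sent the accepted REDIRECT)
        self._tried_backups = set()    # backups already used, so fallback terminates
        self.fallback_since = None     # time of the move to a backup, else None

    def on_redirect(self, from_gw, to_gw, now):
        """Return (action, gateway): follow, fallback or give_up."""
        # Forget redirects older than the detection period (sliding window).
        while self._accepted and now - self._accepted[0][0] > self.period:
            self._accepted.popleft()

        redirectors = {gw for _, gw in self._accepted} | {from_gw}
        over_limit = len(self._accepted) >= self.max_redirects
        # Assumption beyond the RFC text: a target that already redirected us
        # inside the window is a cycle, so stop before the counter runs out.
        cycle = to_gw in redirectors
        if not over_limit and not cycle:
            self._accepted.append((now, from_gw))
            return ("follow", to_gw)

        # Loop sensed: ignore this REDIRECT and pick a backup that is not part
        # of the loop and has not been used for this setup yet.
        for gw in self.backup_pool:
            if gw not in redirectors and gw not in self._tried_backups:
                self._tried_backups.add(gw)
                self._accepted.clear()
                self.fallback_since = now
                return ("fallback", gw)
        return ("give_up", None)

    def should_retry_primary(self, now):
        """True once the client has sat on a backup long enough to retry the master."""
        return (self.fallback_since is not None
                and now - self.fallback_since >= self.retry_interval)

    def on_established(self, gw):
        """Call when the IKE SA is up; reaching the master clears fallback state."""
        self._accepted.clear()
        if gw == self.primary:
            self.fallback_since = None
            self._tried_backups.clear()


def simulate():
    """Constructed topology: two pool gateways redirect to each other, the backup accepts."""
    redirect_to = {
        "segw-a.example": "segw-b.example",
        "segw-b.example": "segw-a.example",
    }
    guard = RedirectGuard("segw-a.example", ["segw-c.example"])
    trace, gw, now = [], guard.primary, 0.0
    while gw is not None and gw in redirect_to:
        action, nxt = guard.on_redirect(gw, redirect_to[gw], now)
        trace.append((gw, action, nxt))
        gw, now = nxt, now + 1.0
    return trace, gw


if __name__ == "__main__":
    steps, final_gw = simulate()
    for step in steps:
        print(step)
    print("tunnel established with", final_gw)
```

A `give_up` result means every configured backup is either in the loop or already used; the caller should back off and raise an alarm rather than restart the same setup immediately.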


From nobody Tue Jun 24 00:39:18 2014
Return-Path: <ryan.zengxin@huawei.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 554401B287B for <ipsec@ietfa.amsl.com>; Tue, 24 Jun 2014 00:39:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.099
X-Spam-Level: *
X-Spam-Status: No, score=1.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y8yyYcbcA0tE for <ipsec@ietfa.amsl.com>; Tue, 24 Jun 2014 00:39:14 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D7851B286F for <ipsec@ietf.org>; Tue, 24 Jun 2014 00:39:12 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml404-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BJE03068; Tue, 24 Jun 2014 07:39:10 +0000 (GMT)
Received: from SZXEMA409-HUB.china.huawei.com (10.82.72.41) by lhreml404-hub.china.huawei.com (10.201.5.218) with Microsoft SMTP Server (TLS) id 14.3.158.1; Tue, 24 Jun 2014 08:39:09 +0100
Received: from SZXEMA512-MBS.china.huawei.com ([169.254.8.13]) by SZXEMA409-HUB.china.huawei.com ([10.82.72.41]) with mapi id 14.03.0158.001; Tue, 24 Jun 2014 15:39:04 +0800
From: "Zengxin (Ryan)" <ryan.zengxin@huawei.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Thread-Topic: =?gb2312?B?ob5raW5kbHkgcmVtaW5kob8vLzogaGVsbG8scGxzIGhlbHAgdXMgY2xhcmlm?= =?gb2312?B?eSB3aGF0IHNlcnZlciB3aWxsIGRvo6xhY2NvcmRpbmcgUkZDNTY4NSBpZiBy?= =?gb2312?B?ZWRpcmVjdCB0aW1lcyBtb3JlIHRoYW4gTUFYX1JFRElSRUNUU6Os?=
Thread-Index: Ac+KqE5fn1Ih/2jrQOuULOUdfIlm3QD7sctwADnUIFAAADt9QA==
Date: Tue, 24 Jun 2014 07:39:04 +0000
Message-ID: <6AA0F3C0EAC9474B84354D7C4BFF7A4B646882BA@SZXEMA512-MBS.china.huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [10.142.151.52]
Content-Type: multipart/related; boundary="_004_6AA0F3C0EAC9474B84354D7C4BFF7A4B646882BASZXEMA512MBSchi_"; type="multipart/alternative"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/ABaMpZfbz8dWb7FERQa_B13_9fs
Subject: [IPsec] =?gb2312?b?ob5raW5kbHkgcmVtaW5kob8vLzogaGVsbG8scGxzIGhl?= =?gb2312?b?bHAgdXMgY2xhcmlmeSB3aGF0IHNlcnZlciB3aWxsIGRvo6xhY2NvcmRpbmcg?= =?gb2312?b?UkZDNTY4NSBpZiByZWRpcmVjdCB0aW1lcyBtb3JlIHRoYW4gTUFYX1JFRElS?= =?gb2312?b?RUNUU6Os?=
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jun 2014 07:39:16 -0000

--_004_6AA0F3C0EAC9474B84354D7C4BFF7A4B646882BASZXEMA512MBSchi_
Content-Type: multipart/alternative;
	boundary="_000_6AA0F3C0EAC9474B84354D7C4BFF7A4B646882BASZXEMA512MBSchi_"

--_000_6AA0F3C0EAC9474B84354D7C4BFF7A4B646882BASZXEMA512MBSchi_
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
--_000_6AA0F3C0EAC9474B84354D7C4BFF7A4B646882BASZXEMA512MBSchi_
Content-Type: text/html; charset="gb2312"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dgb2312">
<meta name=3D"Generator" content=3D"Microsoft Word 12 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"ZH-CN" link=3D"blue" vlink=3D"purple" style=3D"text-justify-t=
rim:punctuation">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"color:#1F497D"><o:p>&n=
bsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"color:#1F497D"><o:p>&n=
bsp;</o:p></span></p>
<div>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm =
0cm 0cm">
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><b><span st=
yle=3D"font-size:10.0pt;font-family:=CB=CE=CC=E5">=B7=A2=BC=FE=C8=CB<span l=
ang=3D"EN-US">:</span></span></b><span lang=3D"EN-US" style=3D"font-size:10=
.0pt;font-family:=CB=CE=CC=E5"> Zengxin (Ryan)
<br>
</span><b><span style=3D"font-size:10.0pt;font-family:=CB=CE=CC=E5">=B7=A2=
=CB=CD=CA=B1=BC=E4<span lang=3D"EN-US">:</span></span></b><span lang=3D"EN-=
US" style=3D"font-size:10.0pt;font-family:=CB=CE=CC=E5"> 2014</span><span s=
tyle=3D"font-size:10.0pt;font-family:=CB=CE=CC=E5">=C4=EA<span lang=3D"EN-U=
S">6</span>=D4=C2<span lang=3D"EN-US">18</span>=C8=D5<span lang=3D"EN-US">
 11:50<br>
</span><b>=CA=D5=BC=FE=C8=CB<span lang=3D"EN-US">:</span></b><span lang=3D"=
EN-US"> 'ipsec@ietf.org'; 'vijay@wichorus.com'; 'kilian.weniger@googlemail.=
com'<br>
</span><b>=B3=AD=CB=CD<span lang=3D"EN-US">:</span></b><span lang=3D"EN-US"=
> Shenwenbin; dharmanandana pothulam; '00902833@notesmail.huawei.com'; Fang=
ongbin (Allan); vijay kn; Liujun (Leo, FW-IPSec)<br>
</span><b>=D6=F7=CC=E2<span lang=3D"EN-US">:</span></b><span lang=3D"EN-US"=
> hello,pls help us clarify what server will do</span>=A3=AC<span lang=3D"E=
N-US">according RFC5685 if redirect times more than MAX_REDIRECTS</span>=A3=
=AC<span lang=3D"EN-US"><o:p></o:p></span></span></p>
</div>
</div>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><span lang=
=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;C=
ourier New&quot;;color:black">Dear Vijay Devarapalli &amp; Kilian Weniger:<=
o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;C=
ourier New&quot;;color:black">&nbsp;&nbsp;&nbsp; We are from Huawei, now im=
plementing IKEv2 Redirect Feature&nbsp; according to RFC5685. But in some
 abnormal case, can u explain more about what action next.<o:p></o:p></span=
></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;C=
ourier New&quot;;color:black"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><b><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quo=
t;Courier New&quot;;color:#000032">RFC5685
<o:p></o:p></span></b></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><b><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quo=
t;Courier New&quot;;color:#000032">7.&nbsp; Handling Redirect Loops</span><=
/b><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Courier=
 New&quot;;color:black"><o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;C=
ourier New&quot;;color:black"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;C=
ourier New&quot;;color:black">&nbsp;&nbsp; The client could end up getting =
redirected multiple times in a<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;C=
ourier New&quot;;color:black">&nbsp;&nbsp; sequence, either because of a wr=
ong configuration or a DoS attack.<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;C=
ourier New&quot;;color:black">&nbsp;&nbsp; The client could even end up in =
a loop with two or more gateways<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;C=
ourier New&quot;;color:black">&nbsp;&nbsp; redirecting the client to each o=
ther.&nbsp; This could deny service to the<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;C=
ourier New&quot;;color:black">&nbsp;&nbsp; client.&nbsp; To prevent this, t=
he client SHOULD be configured to not<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;C=
ourier New&quot;;color:black">&nbsp;&nbsp; accept more than a certain numbe=
r of redirects (MAX_REDIRECTS) within<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;C=
ourier New&quot;;color:black">&nbsp;&nbsp; a short time period (REDIRECT_LO=
OP_DETECT_PERIOD) for a particular<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:&quot;Courier New&quot;;color:black">&nbsp;&nbsp; IKEv2 SA setup.<o:=
p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-indent:=
5.25pt;text-autospace:none">
<span lang=3D"EN-US">&nbsp;&nbsp; <o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-indent:=
5.25pt;text-autospace:none">
<span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-indent:=
15.75pt;text-autospace:none">
<span lang=3D"EN-US">if redirect time is more than </span><span lang=3D"EN-=
US" style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot;;color:bla=
ck">MAX_REDIRECTS(define for
</span><b><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;=
Courier New&quot;;color:#000032">Handling Redirect Loops</span></b><span la=
ng=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Courier New&quot;;=
color:black">)</span><span lang=3D"EN-US">, we don=A1=AFt know what
 the action the server will do , to make sure our negotiate can be succeed.=
<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:=CB=CE=CC=
=E5;color:black">(1) After the client ignores the redirect payload sent fro=
m A-GW (a selected GW), if the client continues to negotiate with A-GW, A-G=
W may still send a redirect payload to the client.<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:=CB=CE=
=CC=E5;color:black">&nbsp;&nbsp;&nbsp; At this time, the client will ignore=
 the payload again and repeat the steps mentioned before. So the
 negotiation will have no chance to succeed.<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:=CB=CE=
=CC=E5;color:black">&nbsp;&nbsp;
<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;text-autospa=
ce:none"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:=CB=CE=
=CC=E5;color:black">&nbsp;&nbsp; (2) After the client ignores the redirect =
payload sent from A-GW (a selected GW), if the client negotiates with the
 initial GW, which may also send a redirect payload as in step (1)<o:p></o:=
p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-=
family:=CB=CE=CC=E5;color:black">&nbsp;&nbsp;&nbsp; So same as (1), we can'=
t make sure whether the negotiation will succeed or not</span><span lang=
=3D"EN-US"><o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><span lang=
=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sa=
ns-serif&quot;;color:black">Best Regards,<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><span lang=
=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sa=
ns-serif&quot;;color:black"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><span lang=
=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sa=
ns-serif&quot;;color:black">Cyber Security Solutions Design Dept<o:p></o:p>=
</span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><span lang=
=3D"EN-US" style=3D"font-size:10.0pt;font-family:&quot;Arial&quot;,&quot;sa=
ns-serif&quot;;color:black">Zeng Xin</span><span lang=3D"EN-US" style=3D"fo=
nt-size:12.0pt;font-family:=CB=CE=CC=E5"><o:p></o:p></span></p>
<div class=3D"MsoNormal" align=3D"center" style=3D"text-align:center"><span=
 lang=3D"EN-US" style=3D"font-size:12.0pt;font-family:=CB=CE=CC=E5">
<hr size=3D"2" width=3D"100%" align=3D"center">
</span></div>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;line-height:=
12.0pt"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:=BB=AA=
=CE=C4=CF=B8=BA=DA;color:black"><img width=3D"102" height=3D"32" id=3D"=CD=
=BC=C6=AC_x0020_28" src=3D"cid:image001.png@01CF8AD5.BF5DDAE0" alt=3D"cid:i=
mage001.png@01CF8AD5.BF5DDAE0"><br>
Huawei Technologies Co., Ltd.<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;line-height:=
12.0pt"><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:=BB=AA=
=CE=C4=CF=B8=BA=DA;color:black">P</span><span lang=3D"EN-US" style=3D"font-=
size:9.0pt;font-family:=BB=AA=CE=C4=CF=B8=BA=DA;color:black">hone:
</span><span lang=3D"EN-US" style=3D"font-size:9.0pt;font-family:=BB=AA=CE=
=C4=CF=B8=BA=DA">86-21-38900743<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;line-height:=
12.0pt"><span lang=3D"EN-US" style=3D"font-size:9.0pt;font-family:=BB=AA=CE=
=C4=CF=B8=BA=DA;color:black">Mobile: 15900686919<br>
</span><span lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:=BB=AA=CE=
=C4=CF=B8=BA=DA;color:black">Email:
</span><span lang=3D"EN-US"><a href=3D"mailto:ryan.zengxin@huawei.com"><spa=
n style=3D"font-size:10.0pt;font-family:=BB=AA=CE=C4=CF=B8=BA=DA">ryan.zeng=
xin@huawei.com</span></a></span><span lang=3D"EN-US" style=3D"font-size:10.=
0pt;font-family:=BB=AA=CE=C4=CF=B8=BA=DA;color:black">
<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left"><span lang=
=3D"EN-US" style=3D"font-size:10.0pt;font-family:=BB=AA=CE=C4=CF=B8=BA=DA;c=
olor:black">No.2222, Xinjinqiao Rd., Pudong District,Shanghai 201206, P.R.C=
hina<br>
</span><span lang=3D"EN-US"><a href=3D"http://www.huawei.com/"><span style=
=3D"font-size:10.0pt;font-family:=BB=AA=CE=C4=CF=B8=BA=DA">http://www.huawe=
i.com</span></a></span><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:=CB=CE=CC=E5">
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
</div>
</body>
</html>

--_000_6AA0F3C0EAC9474B84354D7C4BFF7A4B646882BASZXEMA512MBSchi_--

--_004_6AA0F3C0EAC9474B84354D7C4BFF7A4B646882BASZXEMA512MBSchi_
Content-Type: image/png; name="image001.png"
Content-Description: image001.png
Content-Disposition: inline; filename="image001.png"; size=4883;
	creation-date="Tue, 24 Jun 2014 07:39:04 GMT";
	modification-date="Tue, 24 Jun 2014 07:39:04 GMT"
Content-ID: <image001.png@01CF8AD5.BF5DDAE0>
Content-Transfer-Encoding: base64

--_004_6AA0F3C0EAC9474B84354D7C4BFF7A4B646882BASZXEMA512MBSchi_--


From nobody Sat Jun 28 15:37:08 2014
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 507991A015B for <ipsec@ietfa.amsl.com>; Sat, 28 Jun 2014 15:37:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.053
X-Spam-Level: 
X-Spam-Status: No, score=0.053 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7ox05e6T-iTg for <ipsec@ietfa.amsl.com>; Sat, 28 Jun 2014 15:37:04 -0700 (PDT)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CB371A011E for <ipsec@ietf.org>; Sat, 28 Jun 2014 15:37:04 -0700 (PDT)
Received: from [10.20.30.90] (50-1-51-60.dsl.dynamic.fusionbroadband.com [50.1.51.60]) (authenticated bits=0) by hoffman.proper.com (8.14.8/8.14.7) with ESMTP id s5SMb1eE020433 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <ipsec@ietf.org>; Sat, 28 Jun 2014 15:37:03 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 50-1-51-60.dsl.dynamic.fusionbroadband.com [50.1.51.60] claimed to be [10.20.30.90]
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <4263B56C-1DCF-4451-B7A9-463E18670CC3@vpnc.org>
Date: Sat, 28 Jun 2014 15:37:01 -0700
To: IPsec ME WG List <ipsec@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/pQdgGYOOirQwJY0mtyInCF5VCW0
Subject: [IPsec] Our meeting in Toronto
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Jun 2014 22:37:05 -0000

Greetings again. The Toronto meeting is a few weeks away. The IPsecME WG =
is scheduled in the last slot of the week, Friday late morning: =
<https://datatracker.ietf.org/meeting/90/agenda.html> This gives us 1.5 =
hours.

Currently, I have the following non-WG documents on the WG agenda:
	draft-smyslov-ipsecme-ikev2-null-auth
	draft-mglt-ipsecme-mobikev2
	draft-nir-ipsecme-puzzles
Am I missing any? Again, the criterion is that the documents not have =
been presented at an earlier IETF meeting, and that there must have =
already been some discussion on the list before the meeting.

--Paul Hoffman=

