From owner-ietf-ipsra@mail.vpnc.org  Fri May  2 11:29:09 2003
Mime-Version: 1.0
X-Sender: phoffvpnc@mail.vpnc.org
Message-Id: <p05210605bad83b349146@[63.202.92.152]>
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report>.
Date: Fri, 2 May 2003 08:12:50 -0700
To: ietf-ipsra@vpnc.org
From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Subject: Question about how to proceed on PIC
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-ietf-ipsra@mail.vpnc.org
Precedence: bulk
List-Archive: <http://www.vpnc.org/ietf-ipsra/mail-archive/>
List-ID: <ietf-ipsra.vpnc.org>
List-Unsubscribe: <mailto:ietf-ipsra-request@vpnc.org?body=unsubscribe>


Greetings again. As many of you know, PIC was sent to the RFC Editor
for publication, and before the RFC came out, a security problem with
the way that PIC, EAP, and other related protocols do authentication
was discovered. The problem is described in detail in
<http://www.ietf.org/internet-drafts/draft-puthenkulam-eap-binding-02.txt>.

We now have a clearer idea on how to modify PIC to avoid the security
problem, but in the meantime, IKEv2 has moved much closer to being
finished. IKEv2 includes a single standard method for doing legacy
authentication. Also, we have heard little or no interest in
deploying PIC.

So our question to you is, should we fix PIC and get a standards-track
RFC, an informational RFC, or should we withdraw it? There is no reason
for us to create an RFC that no one will implement. We want to hear
from folks in the WG about this so we can decide to go forwards.

--Paul Hoffman and Sara Bitan, WG chairs


From owner-ietf-ipsra@mail.vpnc.org  Fri May  2 14:29:16 2003
Date: Fri, 2 May 2003 20:08:16 +0200
From: Jean-Jacques Puig <Jean-Jacques.Puig@int-evry.fr>
To: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Cc: ietf-ipsra@vpnc.org
Subject: Re: Question about how to proceed on PIC
Message-ID: <20030502180816.GA11903@ivan.int-evry.fr>
References: <p05210605bad83b349146@[63.202.92.152]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <p05210605bad83b349146@[63.202.92.152]>


Hello,

	I was interested in PIC mainly because IKEv1 does not address legacy
	auth, and a bootstrap method from legacy auth to tunnel
	establishment sounds reasonable. IKEv2 supports legacy auth, but I
	don't think PIC does exactly the same thing. However, the market will
	certainly accept only one protocol here, and it will be IKEv2, thus
	I think going further with PIC is pointless.

	Whether it is coherent for IKEv2 to handle legacy auth is another
	debate though (on which I have no opinion :-).

--
Jean-Jacques Puig

On Fri, May 02, 2003 at 08:12:50AM -0700, Paul Hoffman / VPNC wrote:
> 
> Greetings again. As many of you know, PIC was sent to the RFC Editor
> for publication, and before the RFC came out, a security problem with
> the way that PIC, EAP, and other related protocols do authentication
> was discovered. The problem is described in detail in
> <http://www.ietf.org/internet-drafts/draft-puthenkulam-eap-binding-02.txt>.
> 
> We now have a clearer idea on how to modify PIC to avoid the security
> problem, but in the meantime, IKEv2 has moved much closer to being
> finished. IKEv2 includes a single standard method for doing legacy
> authentication. Also, we have heard little or no interest in
> deploying PIC.
> 
> So our question to you is, should we fix PIC and get a standards-track
> RFC, an informational RFC, or should we withdraw it? There is no reason
> for us to create an RFC that no one will implement. We want to hear
> from folks in the WG about this so we can decide to go forwards.
> 
> --Paul Hoffman and Sara Bitan, WG chairs


From owner-ietf-ipsra@mail.vpnc.org  Fri May  2 16:30:10 2003
Reply-To: <gwz@cisco.com>
From: "Glen Zorn" <gwz@cisco.com>
To: "'Paul Hoffman / VPNC'" <paul.hoffman@vpnc.org>, <ietf-ipsra@vpnc.org>
Subject: RE: Question about how to proceed on PIC
Date: Fri, 2 May 2003 13:14:38 -0700
Organization: Cisco Systems
Message-ID: <001701c310e7$875a55c0$9c974104@amer.cisco.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
In-Reply-To: <p05210605bad83b349146@[63.202.92.152]>
Importance: Normal


> Greetings again. 

Hi, Paul.

> As many of you know, PIC was sent to the RFC
> Editor for publication, and before the RFC came out, a
> security problem with the way that PIC, EAP, and other
> related protocols do authentication was discovered. The problem is
> described in detail in
> <http://www.ietf.org/internet-drafts/draft-puthenkulam-eap-binding-02.txt>.

> We now have a clearer idea on how to modify PIC to avoid the security
> problem,

Cool!  How is it done? 
 
...

> So our question to you is, should we fix PIC and get a standards-track
> RFC, an informational RFC, or should we withdraw it? There is no
> reason for us to create an RFC that no one will implement.

Serious question: was anybody actually planning to implement PIC
_before_ the problems were discovered?

> We want to hear from folks in the WG about this so we can decide to go
> forwards.
>
> --Paul Hoffman and Sara Bitan, WG chairs





From owner-ietf-ipsra@mail.vpnc.org  Mon May  5 02:37:18 2003
content-class: urn:content-classes:message
Subject: RE: Question about how to proceed on PIC
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Date: Mon, 5 May 2003 09:17:57 +0300
Message-ID: <E2EFC3D881823A4CA24022D163D2C4AE5DABFA@server.netseal.com>
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Thread-Topic: Question about how to proceed on PIC
Thread-Index: AcMQwHkUMTUX9CxRRNiKCAq88mP4xwCDZzEQ
From: "Sami Vaarala" <sami.vaarala@netseal.com>
To: "Paul Hoffman / VPNC" <paul.hoffman@vpnc.org>, <ietf-ipsra@vpnc.org>
Content-Transfer-Encoding: 8bit


Hi,

> So our question to you is, should we fix PIC and get a standards-track
> RFC, an informational RFC, or should we withdraw it? There is no reason
> for us to create an RFC that no one will implement. We want to hear
> from folks in the WG about this so we can decide to go forwards.

I would suggest we go ahead and publish the current version
as an RFC.  If there is a sufficient interest in IKEv1 + PIC,
we can work on a security fix as a separate specification.
If there is not, IKEv2 will be used anyway.

Best regards,

-Sami




From owner-ietf-ipsra@mail.vpnc.org  Sun May 11 11:47:04 2003
Mime-Version: 1.0
X-Sender:  (Unverified)
Message-Id: <p05210603bae418b5fa12@[63.202.92.152]>
Date: Sun, 11 May 2003 08:13:48 -0700
To: "Steven M. Bellovin" <smb@research.att.com>,
        Russ Housley <housley@vigilsec.com>
From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Subject: Request for AD action: PIC and the IPSRA Working Group
Cc: ietf-ipsra@vpnc.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"


We polled the IPSRA Working Group, and there was little interest in 
moving PIC forwards as an RFC after revisions. Therefore, we ask that 
you remove it from the RFC Editor's queue, and we will let it die 
quietly.

At that time, you can shut down the IPSRA WG because all of the work 
under our charter is complete.

--Paul Hoffman and Sara Bitan, WG co-chairs


From owner-ietf-ipsra@mail.vpnc.org  Tue May 13 11:36:28 2003
Message-Id: <200305131457.KAA15429@ietf.org>
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce: ;
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, Sara Bitan <sarab@cs.technion.ac.il>,
        ietf-ipsra@vpnc.org
Subject: WG Action: IP Security Remote Access WG (ipsra) to conclude
Date: Tue, 13 May 2003 10:56:59 -0400


As a result of technical problems in the original specification's
interaction with other components, a new technical path forward with
IKEv2, and lack of market interest, the IPSRA working group in the
Security Area has decided to shut down. The IESG thanks the group for
its efforts.

The IESG contact persons are Russell Housley and Steven Bellovin.



