Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft
Benjamin Kaduk writes: > Sorry! I think that the current charter allows us to do an 8229bis > without additional rechartering. Good. I myself think it is better to do bis documents than just clarification guidelines as splitting things to multiple documents do make things harder to implement. Also I think that currently everything in the draft is really a clarification to the original document, i.e. something that the original document should have already said more clearly, and in some cases there are new rules to be added to the processing of the packets. There are no real implementation guidelines in the current draft, i.e., something that would say something like "when doing xxx, it is often good idea to do yyy also", or "to implement zzz, algorithm like aaa is good, but others can also be used". I.e., cases where there are multiple ways of doing same thing, and any of them can be used, but some of them has been found to be better than others. Because of this I think it would be quite natural to start making the bis document instead of clarification document if authors are willing to work on such draft too... -- kivi...@iki.fi ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft
On Mon, May 04, 2020 at 09:07:08AM +0300, Valery Smyslov wrote: > Hi Ben, > > > On Wed, Apr 29, 2020 at 10:54:26PM +0300, Yoav Nir wrote: > > > [With chair hat on] > > > > > > Yes, the charter says that we are to make a guidance document. If the > > working group feels that it’s better to put the specification and guidance > > in a > > single document, we can work on that and clear it with the ADs. > > > > > > Charters can be modified. > > > > FWIW I don't see a particular need to recharter to do an 8229bis. > > Can you please clarify for those of us who (like me) are not native speakers: > do you think that the current charter allows to do an 8229bis without need to > recharter > or do you think there is no need to do an 8229bis and thus no need to > recharter? Sorry! I think that the current charter allows us to do an 8229bis without additional rechartering. -Ben ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft
Hi Ben, > On Wed, Apr 29, 2020 at 10:54:26PM +0300, Yoav Nir wrote: > > [With chair hat on] > > > > Yes, the charter says that we are to make a guidance document. If the > working group feels that it’s better to put the specification and guidance in > a > single document, we can work on that and clear it with the ADs. > > > > Charters can be modified. > > FWIW I don't see a particular need to recharter to do an 8229bis. Can you please clarify for those of us who (like me) are not native speakers: do you think that the current charter allows to do an 8229bis without need to recharter or do you think there is no need to do an 8229bis and thus no need to recharter? Thank you, Valery. > -Ben ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft
On Wed, Apr 29, 2020 at 10:54:26PM +0300, Yoav Nir wrote: > [With chair hat on] > > Yes, the charter says that we are to make a guidance document. If the working > group feels that it’s better to put the specification and guidance in a > single document, we can work on that and clear it with the ADs. > > Charters can be modified. FWIW I don't see a particular need to recharter to do an 8229bis. -Ben ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft
[With chair hat on] Yes, the charter says that we are to make a guidance document. If the working group feels that it’s better to put the specification and guidance in a single document, we can work on that and clear it with the ADs. Charters can be modified. Yoav > On 29 Apr 2020, at 18:42, Valery Smyslov wrote: > > Hi Tommy, > >> Hi Valery, >> >> Thanks for bringing this up again. Would you be interested in making this > an >> RFC8229bis instead? I think it would be most useful for an implementer to > fold >> some of these clarifications into the main text itself. How do you feel > about >> that? > > I'd be happy to do it. I also think that a -bis document is more useful. > The reason that this draft is not a rfc8229bis is that one and half > year ago it was a general feeling that more experience need to be > collected before -bis document should be issued. Now it is almost > 3 years since rfc8229 is published, I agree that it's probably time to start > preparing -bis. > > One concern is the current WG charter - > it seems to me that it only allows > clarification document and not a -bis. > It is a question to our chairs and AD - are > we allowed to proceed with rfc8229bis document > with the current charter text or should we update it > and ask for re-chartering? > > Regards, > Valery. > > >> Best, >> Tommy >> >>> On Apr 28, 2020, at 2:54 AM, Valery Smyslov >> wrote: >>> >>> Hi, >>> >>> a one and half year ago at IETF 103 in Bangkok I presented >>> draft-smyslov-ipsecme-tcp-guidelines >>> "Clarifications and Implementation Guidelines for using TCP >>> Encapsulation in IKEv2" >>> > (https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-tcp-guidelines/). From my recollection of the meeting and from minutes it was a general >>> feeling in the room that >>> this document was useful for implementers, since it clarified some >>> subtle issues that were not covered in RFC 8229. However, at that time >>> no adoption call was issued since this work would require to update >>> the IPSECME charter. >>> It took over a year to adopt the updated charter and now the WG is >>> chartered for this work with this draft as a possible starting point. >>> The text in the charter: >>> >>> RFC8229, published in 2017, specifies how to encapsulate >>> IKEv2 and ESP traffic in TCP. Implementation experience has >>> revealed that not all situations are covered in RFC8229, and that > may >>> lead to interoperability problems or to suboptimal performance. The >>> WG >>> will provide a document to give implementors more guidance about how >>> to use >>> reliable stream transport in IKEv2 and clarify some issues that have >>> been >>> discovered. >>> >>> However, since it was so long since the WG last discussed the draft, >>> the chairs asked me to send a message to the list to determine whether >>> there is still an interest in the WG to proceed with this work with >>> this draft as a starting point. >>> >>> Regards, >>> Valery. >>> >>> >>> >>> ___ >>> IPsec mailing list >>> IPsec@ietf.org >>> https://www.ietf.org/mailman/listinfo/ipsec > ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft
Hi Tommy, > Hi Valery, > > Thanks for bringing this up again. Would you be interested in making this an > RFC8229bis instead? I think it would be most useful for an implementer to fold > some of these clarifications into the main text itself. How do you feel about > that? I'd be happy to do it. I also think that a -bis document is more useful. The reason that this draft is not a rfc8229bis is that one and half year ago it was a general feeling that more experience need to be collected before -bis document should be issued. Now it is almost 3 years since rfc8229 is published, I agree that it's probably time to start preparing -bis. One concern is the current WG charter - it seems to me that it only allows clarification document and not a -bis. It is a question to our chairs and AD - are we allowed to proceed with rfc8229bis document with the current charter text or should we update it and ask for re-chartering? Regards, Valery. > Best, > Tommy > > > On Apr 28, 2020, at 2:54 AM, Valery Smyslov > wrote: > > > > Hi, > > > > a one and half year ago at IETF 103 in Bangkok I presented > > draft-smyslov-ipsecme-tcp-guidelines > > "Clarifications and Implementation Guidelines for using TCP > > Encapsulation in IKEv2" > > (https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-tcp-guidelines/). > >> From my recollection of the meeting and from minutes it was a general > > feeling in the room that > > this document was useful for implementers, since it clarified some > > subtle issues that were not covered in RFC 8229. However, at that time > > no adoption call was issued since this work would require to update > > the IPSECME charter. > > It took over a year to adopt the updated charter and now the WG is > > chartered for this work with this draft as a possible starting point. > > The text in the charter: > > > > RFC8229, published in 2017, specifies how to encapsulate > > IKEv2 and ESP traffic in TCP. Implementation experience has > > revealed that not all situations are covered in RFC8229, and that may > > lead to interoperability problems or to suboptimal performance. The > > WG > > will provide a document to give implementors more guidance about how > > to use > > reliable stream transport in IKEv2 and clarify some issues that have > > been > > discovered. > > > > However, since it was so long since the WG last discussed the draft, > > the chairs asked me to send a message to the list to determine whether > > there is still an interest in the WG to proceed with this work with > > this draft as a starting point. > > > > Regards, > > Valery. > > > > > > > > ___ > > IPsec mailing list > > IPsec@ietf.org > > https://www.ietf.org/mailman/listinfo/ipsec ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft
On Wed, 29 Apr 2020, Tommy Pauly wrote: Thanks for bringing this up again. Would you be interested in making this an RFC8229bis instead? I think it would be most useful for an implementer to fold some of these clarifications into the main text itself. How do you feel about that? That might be better. We have also been working on the Linux and libreswan code for this, and have also gotten into a few corner cases that might be good to explain the implementors. Paul ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft
Hi Valery, Thanks for bringing this up again. Would you be interested in making this an RFC8229bis instead? I think it would be most useful for an implementer to fold some of these clarifications into the main text itself. How do you feel about that? Best, Tommy > On Apr 28, 2020, at 2:54 AM, Valery Smyslov wrote: > > Hi, > > a one and half year ago at IETF 103 in Bangkok I presented > draft-smyslov-ipsecme-tcp-guidelines > "Clarifications and Implementation Guidelines for using TCP Encapsulation in > IKEv2" > (https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-tcp-guidelines/). >> From my recollection of the meeting and from minutes it was a general > feeling in the room that > this document was useful for implementers, since it clarified some subtle > issues > that were not covered in RFC 8229. However, at that time no adoption call > was issued since this work would require to update the IPSECME charter. > It took over a year to adopt the updated charter and now the WG > is chartered for this work with this draft as a possible starting point. > The text in the charter: > > RFC8229, published in 2017, specifies how to encapsulate > IKEv2 and ESP traffic in TCP. Implementation experience has > revealed that not all situations are covered in RFC8229, and that > may > lead to interoperability problems or to suboptimal performance. The > WG > will provide a document to give implementors more guidance about how > to use > reliable stream transport in IKEv2 and clarify some issues that have > been > discovered. > > However, since it was so long since the WG last discussed the draft, the > chairs asked me to > send a message to the list to determine whether there is still an interest > in the WG to proceed with this work with this draft as a starting point. > > Regards, > Valery. > > > > ___ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
[IPsec] Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2 draft
Hi, a one and half year ago at IETF 103 in Bangkok I presented draft-smyslov-ipsecme-tcp-guidelines "Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2" (https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-tcp-guidelines/). >From my recollection of the meeting and from minutes it was a general feeling in the room that this document was useful for implementers, since it clarified some subtle issues that were not covered in RFC 8229. However, at that time no adoption call was issued since this work would require to update the IPSECME charter. It took over a year to adopt the updated charter and now the WG is chartered for this work with this draft as a possible starting point. The text in the charter: RFC8229, published in 2017, specifies how to encapsulate IKEv2 and ESP traffic in TCP. Implementation experience has revealed that not all situations are covered in RFC8229, and that may lead to interoperability problems or to suboptimal performance. The WG will provide a document to give implementors more guidance about how to use reliable stream transport in IKEv2 and clarify some issues that have been discovered. However, since it was so long since the WG last discussed the draft, the chairs asked me to send a message to the list to determine whether there is still an interest in the WG to proceed with this work with this draft as a starting point. Regards, Valery. ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec