t-marin-yang-edhoc-oscore-00.txt
> Fecha: 28 de febrero de 2023, 6:53:41 CET
> Para: "Alex Fernandez"
> , "Gabriel
> Lopez-Millan" , "Laurent Toutain"
> , "Rafa Marin-Lopez" , "Rafael
> Marin-Lopez"
>
>
> A new versi
t;> Subject: [I2nsf] IETF 114 I2NSF agenda uploaded
>>
>>
>>
>>
>>
>> I2NSF WG,
>>
>>
>>
>> Here is the agenda for next week’s I2NSF session (Tuesday).
>>
>>
>>
>> https://datatracker.ietf.org/doc/agend
dressed to either the
> author of the RFC in question, or to rfc-edi...@rfc-editor.org. Unless
> specifically noted otherwise on the RFC itself, all RFCs are for
> unlimited distribution.
>
>
> The RFC Editor Team
> Association Management Solutions, LLC
>
>
> _
t; Dear Alanna,
>>>
>>> I have revised the last version of the document and all the changes are ok
>>> to me.
>>>
>>> Thank you very much for your work.
>>>
>>> Regards,
>>> Fernando.
>>>
>>> E
;>>> Hi Diego.
>>>>>
>>>>>> El 14 jun 2021, a las 16:47, Diego R. Lopez
>>>>>> escribió:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> It looks reasonable to me, but I wonder w
ined
>>> Networking (SDN)
>>
>> The title seems ok to me.
>>
>> Best regards, Gabi.
>>
>>
>>>
>>> Be goode,
>>>
>>> --
>>> "Esta vez no fallaremos, Doctor Infierno"
>>>
>>>
2lopez/ <https://www.linkedin.com/in/dr2lopez/>
>
> e-mail: diego.r.lo...@telefonica.com <mailto:diego.r.lo...@telefonica.com>
> Mobile: +34 682 051 091
> --
>
> On 14/06/2021, 09:24, "I2nsf on behalf of Rafa Marin-Lopez&
//www.rfc-editor.org/authors/rfc9061.form.xml
>
>
> Tracking progress
> -
>
> The details of the AUTH48 status of your document are here:
> https://www.rfc-editor.org/auth48/rfc9061
>
> Please let us know if you have any questions.
>
> Thank you for yo
Dear Magnus:
Just to check we came to a conclusion to this discussion. Please see below.
> El 1 dic 2020, a las 18:28, Magnus Westerlund
> escribió:
>
> Hi,
>
> See inline.
>
> On Tue, 2020-12-01 at 16:44 +0100, Rafa Marin-Lopez wrote:
>> Dear Magnus:
>>
he I2NSF Controller
configures in the NSFs. Similarly, the encryption algorithms used in the
security association between I2NSF Controller and the NSF MUST have, at least,
the same strength as the algorithms used to establish the IPsec SAs.”
Is this reasonable?
Best Regards.
>
>
Dear Erik:
This e-mail is just to confirm that you received our answer regarding your
review.
Best Regards and thanks again.
> Inicio del mensaje reenviado:
>
> De: Rafa Marin-Lopez
> Asunto: Re: [I2nsf] Erik Kline's Discuss on
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-12
Dear Magnus:
Please see our comments inline:
> El 1 dic 2020, a las 14:56, Magnus Westerlund
> escribió:
>
> Hi,
>
> Please see inline.
>
> On Tue, 2020-12-01 at 13:46 +0100, Rafa Marin-Lopez wrote:
>> Dear Magnus:
>>
>>> El 27 nov 2020, a las
Dear Magnus:
> El 27 nov 2020, a las 9:56, Magnus Westerlund
> escribió:
>
> Hi,
>
> Please see below.
>
> On Wed, 2020-11-25 at 14:48 +, Magnus Westerlund wrote:
>>
>> On Mon, 2020-11-23 at 19:19 +0100, Rafa Marin-Lopez wrote:
>>> Dear
e document, probably as a new section
> before
> section 7 (IANA considerations).
>
> Regards,
> Rob
>
>
>
> ___
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
--
rect. RFC 6040 is the proper reference.
Best Regards.
>
>
>
>
>
> ___
> I2nsf mailing list
> I2nsf@ietf.org
> https://ww
top thinking about it.
Thank you very much for all your effort with this.
Best Regards.
>
> Tom Petch
>
>
> On 28/10/2020 10:42, Rafa Marin-Lopez wrote:
>> Hi Tom:
>
>
>
>
> ___
> I2nsf mailing list
&g
can use that.
>
> [ section 6.2 ]
>
> * s/Notificsation/Notification/
Fixed.
>
> * s/conform/constitute/g?
Fixed.
>
> [ appendix A ]
>
> * "NOT ESP encapsulation." -> "NO ESP encapsulation.", perhaps
Fixed.
>
> [ appendix B ]
>
Hi Tom:
Thank you very much again. See our comments inline:
> El 29 oct 2020, a las 18:06, tom petch escribió:
>
> Back to routine comments on this I-D; I don't think that any of my earlier
> ones are unresolved.
>
> On 29/10/2020 11:23, Rafa Marin-Lopez wrote:
>> H
Hi Tom:
> El 28 oct 2020, a las 19:02, tom petch escribió:
>
> On 28/10/2020 10:42, Rafa Marin-Lopez wrote:
>> Hi Tom:
>>
>> Thank you very much for your insight. It is very helpful. Please see our
>> comments/questions inline.
>>
>>>
be.
>
> The example IPv6 address in the YANG module has :0:0: which is usually just ::
Fixed.
If you have any further comments, please let us know so we can include them in
-12
Best Regards.
>
> And I have some way to go still.
>
> Tom Petch
>
> On 22/10/2020 18:
de octubre de 2020, 15:32:50 CEST
> Para: "Fernando Pereniguez-Garcia" , "Rafael
> Lopez" , "Gabriel Lopez-Millan" , "Rafa
> Marin-Lopez"
>
>
> A new version of I-D, draft-ietf-i2nsf-sdn-ipsec-flow-protection-11.txt
> has been
"Gabriel Lopez-Millan" , "Rafa Marin-Lopez" ,
> "Rafael Lopez" , "Fernando Pereniguez-Garcia"
>
>
>
> A new version of I-D, draft-ietf-i2nsf-sdn-ipsec-flow-protection-10.txt
> has been successfully submitted by Rafa Marin-Lopez and post
a las 20:15, internet-dra...@ietf.org escribió:
>
>
> A new version of I-D, draft-ietf-i2nsf-sdn-ipsec-flow-protection-09.txt
> has been successfully submitted by Rafa Marin-Lopez and posted to the
> IETF repository.
>
> Name: draft-ietf-i2nsf-sdn-ipsec
..@ietf.org>> On Behalf Of Lou Berger
>>>>> Sent: 27 September 2020 15:26
>>>>> To: Christian Hopps mailto:cho...@chopps.org>>;
>>>>> Martin Björklund mailto:mbj+i...@4668.se>>
>>>>> Cc: Robert Wilton >>>
Hi Christian (, Rob):
Thanks for your comments. We really appreciate them. Please see some comments
inline.
> El 12 oct 2020, a las 22:21, Christian Hopps escribió:
>
>
>
>> On Oct 12, 2020, at 3:07 PM, Rafa Marin-Lopez > <mailto:r...@um.es>> wrote:
>>
om: yang-doctors On Behalf Of Lou Berger
> Sent: 27 September 2020 15:26
> To: Christian Hopps ; Martin Björklund
> Cc: Robert Wilton ; i2nsf@ietf.org;
> Gabriel Lopez ;
> draft-ietf-i2nsf-sdn-ipsec-flow-protection@ietf.org; ip...@ietf.org;
> last-c...@ietf.org; Rafa
Hi Tom:
Please see our comments inline:
> El 28 sept 2020, a las 11:33, tom petch escribió:
>
> On 28/09/2020 10:01, Rafa Marin-Lopez wrote:
>> Hi Rob, Tom:
>>
>> Renaming the modules sounds reasonable. With regard to have a different
>> prefix, it is
ee as a source of confusion. If this
> is nsf specific, then I would suggest nsfike although nsfikeless then seems a
> bit long.
>
> Tom Petch
>
>> Regards,
>> Rob
>>
>>
>> From: Rafa Marin-Lopez mailto:r...@um.es>>
>> Sent: 23 September
he YANG model in the I-D has tried to reflect this
discussion. It was never the intention to provide a general YANG model for
IPsec.
Best Regards.
> Thanks,
> Rob
>
>
> From: Rafa Marin-Lopez
> Sent: 22 September 2020 14:05
> To: Rob Wilton (rwilton)
> Cc: Rafa Marin
default value and w/o an explanation of what happens if that leaf
>>> is not set. You should find those and either make them mandatory,
>>> add a default value, or explain what it means when it isn't set.
>>> As an example,
>>&
n their names to make clear they aren't trying to, and can't
> be the base model for general IPsec use. Right now you are naming your
> modules "ietf-ipsec-common", "ietf-ipsec-ike", "ietf-ipsec-ikeless" which
> doesn't indicate the heavy SDN focus that the models
r. We hope these clarifications help to understand the motivation of
defining the YANG model in this way.
Best Regards and many thanks.
>
> Thanks,
> Chris.
>
---
Rafa Marin-Lopez, PhD
Dept. Info
ernet-dra...@ietf.org> escribió:
>
>
> A new version of I-D, draft-ietf-i2nsf-sdn-ipsec-flow-protection-08.txt
> has been successfully submitted by Rafa Marin-Lopez and posted to the
> IETF repository.
>
> Name: draft-ietf-i2nsf-sdn-ipsec-flow-protection
> Revision:
Your text is better.
>
> (44) Section 9.1. Editorial. s/One option is to return always /One
> option is to always return .../
>
> (45) Section 9.1. Per "Moreover, the PSK MUST have a proper length (e.g.
> minimum 128 bit lengt
nd Section 7 of [8192] doesn't mention the security controller at
> all.
>
> (42) Section 9.1. Should configurations adhere to the algorithm
> recommendations of RFC8247?
>
> (43) Section 9.1 and 9.2. Per "The general recommendation is that the
> Security Controller MUST
> Asunto: New Version Notification for
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-06.txt
> Fecha: 29 de julio de 2019, 19:33:32 CEST
> Para: "Fernando Pereniguez-Garcia" , "Rafa
> Marin-Lopez" , "Rafael Lopez" , "Gabriel
> Lopez-Millan&q
t;>> (or near real-time) tasks as it may happen in IKE-less case,
>>> then this problem may become serious.
>>>
>>> Anyway, I'm happy with the updated text, thank you.
>>> However, in a following document(s), suggested by Yoav,
>>> I'd
>> (or near real-time) tasks as it may happen in IKE-less case,
>> then this problem may become serious.
>>
>> Anyway, I'm happy with the updated text, thank you.
>> However, in a following document(s), suggested by Yoav,
>> I'd like to see more concrete a
Hi Tero:
> El 22 jul 2019, a las 16:52, Tero Kivinen escribió:
>
> Rafa Marin-Lopez writes:
>> We submitted a new version of the I-D (v05) where we have applied several
>> changes. In the following you have a summary of the main changes, which we
>> will expand/expl
>> I didn't find this discussion in the draft (sorry if I missed it).
>>
>> Regards,
>> Valery.
>>
>>
>>
>>
>> Thanks for getting this done and published.
>>
>> We will wait with requesting publication until the I2NSF s
ill wait with requesting publication until the I2NSF session next week.
> Between now and then, please re-read the draft and send a message to the list
> is something is seriously wrong.
>
> Barring any such shouting, we will request publication right after the
> meeting.
>
>
t;
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Interface to Network Security Functions WG
> of the IETF.
>
>Title : Software-Defined Networking (SDN)-based
Hi Tero:
> El 4 jun 2019, a las 11:40, Tero Kivinen escribió:
>
> Rafa Marin-Lopez writes:
>> Hi Tero, Paul:
>>
>>El 2 jun 2019, a las 17:09, Paul Wouters escribió:
>>
>>On Sun, 2 Jun 2019, Tero Kivinen wrote:
>>
>>I.e
o use the number of packets lifetime instead of
having this new threshold (in xfrm we have seen replay_maxdiff and
replay_maxage as such as threshold).
Best Regards.
>
> Paul
>
> _______
> I2nsf mailing list
> I2nsf@ietf.org
> https://ww
t;>
>
> _______
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
---
Rafa Marin-Lopez, PhD
Dept. Information and
Hi Paul:
Please see some additional comments inline:
snip
>
>> It can also instruct the affected NSF to send IKEv2 INITIAL_CONTACT.
>>
>> I think this is something the IKEv2 implementation would determine on
>> its own.
>> I would remove the sentence or change it to say the
pe
> ic:integrity-algorithm-t; description "authentication algorithm of the
> expired SA"; }
>
> So if you keep AEAD as a seperate entry, you also need a leaf here for it.
[Authors] If the encryption-algorithm is AEAD the
authentication(integrity)-algorithm will not contain any algorit
ch protocol to include.
Best Regards.
> My two cents.
>
> Linda
>
>
>
> On Tue, May 21, 2019 at 3:02 AM Rafa Marin-Lopez <mailto:r...@um.es>> wrote:
> Hi Linda:
>
> In order to see whether we are in the same page here I would like to ask a
&
Hi Linda:
> El 21 may 2019, a las 23:02, Linda Dunbar escribió:
>
> Gabriel and Rofa,
>
> Just to clarify: the purpose of asking you changing from "container.." to
> "grouping.." is for "i2nsf-nsf-facing-interface-dm" to the "ikev2" and
> "ietf-ipsec" structure defined in
” to specify the value).
>
> By the way, if you do want to register to IANA, you can send the following
> request which can be easily done.
>
> https://www.iana.org/form/protocol-assignment
> <https://www.iana.org/form/protocol-assignment>
>
>
> Cheers,
>
Dear Martin:
Thank you very much for your review. Our comments inline.
> El 17 abr 2019, a las 17:54, Martin Björklund via Datatracker
> mailto:nore...@ietf.org>> escribió:
>
> Reviewer: Martin Björklund
> Review result: Not Ready
>
> This is my YANG doctor review of
>
Dear all:
As one of the authors of this document, I am not aware of any IPRs related with
it.
Best Regards.
> El 17 abr 2019, a las 16:54, Linda Dunbar escribió:
>
> Hello Working Group,
>
> This email starts a four weeks Working Group Last Call on
>
t; https://www.ietf.org/mailman/listinfo/yang-doctors
>>> <https://www.ietf.org/mailman/listinfo/yang-doctors>
>> Mahesh Jethanandani
>> mjethanand...@gmail.com <mailto:mjethanand...@gmail.com>
>>
>>
>>
>> _
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-04.txt
> Fecha: 11 de marzo de 2019, 20:54:28 CET
> Para: "Fernando Pereniguez-Garcia" , "Rafa
> Marin-Lopez" , "Rafael Lopez" , "Gabriel
> Lopez-Millan"
>
>
> A new version of I-
From: I2nsf [mailto:i2nsf-boun...@ietf.org] On Behalf Of Yoav Nir
> Sent: Tuesday, November 27, 2018 4:39 PM
> To: Gabriel Lopez
> Cc: i2nsf@ietf.org; ip...@ietf.org WG ; Paul Wouters
> ; Rafa Marin Lopez
> Subject: Re: [I2nsf] [IPsec] Review of
> draft-ietf-i2nsf-sdn-ipsec-flow-pro
/?include_text=1>
>
>
> Linda
> From: I2nsf [mailto:i2nsf-boun...@ietf.org <mailto:i2nsf-boun...@ietf.org>]
> On Behalf Of Yoav Nir
> Sent: Wednesday, November 14, 2018 12:33 PM
> To: Rafa Marin-Lopez mailto:r...@um.es>>
> Cc: i2nsf@ietf.org <mailto:i2nsf@i
Yes, correct, it is a typo.
Thank you.
El 5 de diciembre de 2018 22:48:34 CET, Linda Dunbar
escribió:
>
>Gabriel and Rafa,
>
>On Page 36 (Appendix A), you have the following :
>grouping port-range {
>description "Port range grouping";
>leaf start { type inet:port-number; description "Start IP
etf-opsawg-nat-yang-17
<https://tools.ietf.org/html/draft-ietf-opsawg-nat-yang-17>
the Security Controller could use this netconf module with a gateway to
collect NAT information or even configure a NAT.
Regarding the usage of UDP, TCP or TLS, since it controls all the networ
are plausible.
Most probably we should start to analyzing the simple (and perhaps more
realistic) case: road warrior with IKE case where the SC does not configure the
host.
Best Regards.
>
> Yoav
---
Rafa Marin-Lopez, PhD
Dept. Informa
method (i.e. a raw public key, a x509 certificate
or preshared keys), DH groups,
modes and algorithms for IKE SA negotiation, etc.”
Best Regards.
-------
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Compu
Hi Paul:
First of all, thank you very much for this impressive review. We are going to
process all your comments as soon as possible by separating our answers in
different e-mails so that the discussion is easier to follow.
In any case, we would like to answer first to your initial question
t is important to document the risks associated with the option, so that
> users can make the informed decision.
>
>
> Thanks, Linda Dunbar
-------
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of
Dear Yoav, all:
Thank you for all your inputs and discussions about the I-D. We will re-submit
as draft-ietf-i2nsf-ipsec-flow-00.
Best Regards.
> El 2 oct 2017, a las 23:58, Yoav Nir escribió:
>
> Hi all.
>
> Thank you all for chiming in. The response was mostly
Support for WG adoption.
Best Regards.
> El 15 sept 2017, a las 10:09, Yoav Nir escribió:
>
> Hi all
>
> This starts a two-week call for adoption of
> draft-abad-i2nsf-sdn-ipsec-flow-protection. Please send in your comments both
> for and against adopting this as a
Hi Tero:
Thanks for this discussion. Really interesting and productive in my opinion. My
comments inline
> El 19 jul 2017, a las 10:17, Tero Kivinen <kivi...@iki.fi> escribió:
>
> Rafa Marin-Lopez writes:
>>I.e. any TLA would love to get their hands on all the traf
there are many of them.
>>
>> Regards,
>> Valery.
>>
>> ___
>> I2nsf mailing list
>> I2nsf@ietf.org <mailto:I2nsf@ietf.org>
>> https://www.ietf.org/mailman/listinfo/i2nsf
>> <https://www
st policies to endpoints. I would much rather see a minimal-IKEv2
> implementation then this "non-IKE" style solution.
>
> Paul
>
> ___
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
__
> IPsec mailing list
> ip...@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
---
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-U
> --
> kivi...@iki.fi
>
> ___
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
to seeing you in Prague.
>
> Travel safe,
> Linda & Adrian.
>
> ___
> I2nsf mailing list
> I2nsf@ietf.org <mailto:I2nsf@ietf.org>
> https://www.ietf.org/mailman/listinfo/i2nsf
> <https://www.ietf.org/mailman/listinfo/
Hi Paul:
Thank you for your comments. Please, see mine inline.
>>> [Rafa] I guess, it will depend on the scenario. I remember an e-mail to
>>> I2NSF (https://www.ietf.org/mail-archive/web/i2nsf/current/msg0.html)
>>> mentioning that they were doing sort of case 2 and they would like to
---
> ___
> I2nsf mailing list
> I2nsf@ietf.org <mailto:I2nsf@ietf.org>
> https://www.ietf.org/mailman/listinfo/i2nsf
> <https://www.ietf.org/mailman/listinfo/i2nsf>
-
Hi Susan:
Thank you for addressing these comments. Let me answer a couple of aspects.
>
> Section 4. In the use cases, there is no explicit text where key distribution
> is required. One may think that section 4.3.2 and, most probably, 4.3.3 may
> be related with key management (section
ed below:
[Rafa] Mine, as well. Please see inline.
>
> Please provide the clarification requested below.
>
>> Subject: Re: Next steps about SDN and IPSec
>> From: Rafa Marin Lopez <r...@um.es>
>> Date: Sun, 2 Oct 2016 23:59:14 +0200
>> Cc: Rafa Marin Lopez <r...@um
the
controller to react and update the SAs. Is this kind of event in the I2NSF
scope?
In any case we are going to modify the I-D to show all these aspects.
Some comments inline:
>
>
> Other comments are inserted below
>
>
> -Original Message-
> From: Rafa Ma
Dear Sowmini:
> El 19 jun 2016, a las 23:45, Sowmini Varadhan <sowmini.varad...@oracle.com>
> escribió:
>
> On (06/19/16 20:06), Rafa Marin Lopez wrote:
>>> I had a related question Section 8.2, #2 as well: is the first
>>> data packet in the clear or
Dear Sowmini:
Thanks for asking about our I-D.
> El 17 jun 2016, a las 23:26, Sowmini Varadhan
> escribió:
>
> On (06/17/16 20:50), Linda Dunbar wrote:
>> - Section 8.1: Page 11: Bullet 1:
>> You stated that the node sends the first packet to Controller for
controllers would fail so that you would notice that the needed
resource is not available as well, right?
Best Regards.
>
>
>
> Thanks, Linda
>
> -Original Message-
> From: Rafa Marin Lopez [mailto:r...@um.es]
> Sent: Friday, June 17, 2016 7:43 AM
> To: Linda
Dear all:
Maybe this I-D might be interesting and related with this discussion regarding
IPsec/IKE management. We hope to have an updated version soon and a
proof-of-concept implementation of some of the scenarios.
https://tools.ietf.org/html/draft-abad-sdnrg-sdn-ipsec-flow-protection-01
Best
79 matches
Mail list logo