the
controller to react and update the SAs. Is this kind of event in the I2NSF
scope?
In any case we are going to modify the I-D to show all these aspects.
Some comments inline:
>
>
> Other comments are inserted below
>
>
> -Original Message-
> From: Rafa Ma
Dear all:
Maybe this I-D might be interesting and related with this discussion regarding
IPsec/IKE management. We hope to have an updated version soon and a
proof-of-concept implementation of some of the scenarios.
https://tools.ietf.org/html/draft-abad-sdnrg-sdn-ipsec-flow-protection-01
Best
controllers would fail so that you would notice that the needed
resource is not available as well, right?
Best Regards.
>
>
>
> Thanks, Linda
>
> -Original Message-
> From: Rafa Marin Lopez [mailto:r...@um.es]
> Sent: Friday, June 17, 2016 7:43 AM
> To: Linda
Dear Sowmini:
Thanks for asking about our I-D.
> El 17 jun 2016, a las 23:26, Sowmini Varadhan
> escribió:
>
> On (06/17/16 20:50), Linda Dunbar wrote:
>> - Section 8.1: Page 11: Bullet 1:
>> You stated that the node sends the first packet to Controller for
Dear Sowmini:
> El 19 jun 2016, a las 23:45, Sowmini Varadhan <sowmini.varad...@oracle.com>
> escribió:
>
> On (06/19/16 20:06), Rafa Marin Lopez wrote:
>>> I had a related question Section 8.2, #2 as well: is the first
>>> data packet in the clear or
Hi Susan:
Thank you for addressing these comments. Let me answer a couple of aspects.
>
> Section 4. In the use cases, there is no explicit text where key distribution
> is required. One may think that section 4.3.2 and, most probably, 4.3.3 may
> be related with key management (section
---
> ___
> I2nsf mailing list
> I2nsf@ietf.org <mailto:I2nsf@ietf.org>
> https://www.ietf.org/mailman/listinfo/i2nsf
> <https://www.ietf.org/mailman/listinfo/i2nsf>
-
ed below:
[Rafa] Mine, as well. Please see inline.
>
> Please provide the clarification requested below.
>
>> Subject: Re: Next steps about SDN and IPSec
>> From: Rafa Marin Lopez <r...@um.es>
>> Date: Sun, 2 Oct 2016 23:59:14 +0200
>> Cc: Rafa Marin Lopez <r...@um
to seeing you in Prague.
>
> Travel safe,
> Linda & Adrian.
>
> ___
> I2nsf mailing list
> I2nsf@ietf.org <mailto:I2nsf@ietf.org>
> https://www.ietf.org/mailman/listinfo/i2nsf
> <https://www.ietf.org/mailman/listinfo/
> --
> kivi...@iki.fi
>
> ___
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
__
> IPsec mailing list
> ip...@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
---
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-U
st policies to endpoints. I would much rather see a minimal-IKEv2
> implementation then this "non-IKE" style solution.
>
> Paul
>
> ___
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
there are many of them.
>>
>> Regards,
>> Valery.
>>
>> ___
>> I2nsf mailing list
>> I2nsf@ietf.org <mailto:I2nsf@ietf.org>
>> https://www.ietf.org/mailman/listinfo/i2nsf
>> <https://www
Hi Tero:
Thanks for this discussion. Really interesting and productive in my opinion. My
comments inline
> El 19 jul 2017, a las 10:17, Tero Kivinen <kivi...@iki.fi> escribió:
>
> Rafa Marin-Lopez writes:
>>I.e. any TLA would love to get their hands on all the traf
Hi Paul:
Thank you for your comments. Please, see mine inline.
>>> [Rafa] I guess, it will depend on the scenario. I remember an e-mail to
>>> I2NSF (https://www.ietf.org/mail-archive/web/i2nsf/current/msg0.html)
>>> mentioning that they were doing sort of case 2 and they would like to
Support for WG adoption.
Best Regards.
> El 15 sept 2017, a las 10:09, Yoav Nir escribió:
>
> Hi all
>
> This starts a two-week call for adoption of
> draft-abad-i2nsf-sdn-ipsec-flow-protection. Please send in your comments both
> for and against adopting this as a
Dear Yoav, all:
Thank you for all your inputs and discussions about the I-D. We will re-submit
as draft-ietf-i2nsf-ipsec-flow-00.
Best Regards.
> El 2 oct 2017, a las 23:58, Yoav Nir escribió:
>
> Hi all.
>
> Thank you all for chiming in. The response was mostly
t is important to document the risks associated with the option, so that
> users can make the informed decision.
>
>
> Thanks, Linda Dunbar
-------
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of
are plausible.
Most probably we should start to analyzing the simple (and perhaps more
realistic) case: road warrior with IKE case where the SC does not configure the
host.
Best Regards.
>
> Yoav
---
Rafa Marin-Lopez, PhD
Dept. Informa
etf-opsawg-nat-yang-17
<https://tools.ietf.org/html/draft-ietf-opsawg-nat-yang-17>
the Security Controller could use this netconf module with a gateway to
collect NAT information or even configure a NAT.
Regarding the usage of UDP, TCP or TLS, since it controls all the networ
Yes, correct, it is a typo.
Thank you.
El 5 de diciembre de 2018 22:48:34 CET, Linda Dunbar
escribió:
>
>Gabriel and Rafa,
>
>On Page 36 (Appendix A), you have the following :
>grouping port-range {
>description "Port range grouping";
>leaf start { type inet:port-number; description "Start IP
From: I2nsf [mailto:i2nsf-boun...@ietf.org] On Behalf Of Yoav Nir
> Sent: Tuesday, November 27, 2018 4:39 PM
> To: Gabriel Lopez
> Cc: i2nsf@ietf.org; ip...@ietf.org WG ; Paul Wouters
> ; Rafa Marin Lopez
> Subject: Re: [I2nsf] [IPsec] Review of
> draft-ietf-i2nsf-sdn-ipsec-flow-pro
/?include_text=1>
>
>
> Linda
> From: I2nsf [mailto:i2nsf-boun...@ietf.org <mailto:i2nsf-boun...@ietf.org>]
> On Behalf Of Yoav Nir
> Sent: Wednesday, November 14, 2018 12:33 PM
> To: Rafa Marin-Lopez mailto:r...@um.es>>
> Cc: i2nsf@ietf.org <mailto:i2nsf@i
method (i.e. a raw public key, a x509 certificate
or preshared keys), DH groups,
modes and algorithms for IKE SA negotiation, etc.”
Best Regards.
-------
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Compu
Hi Paul:
First of all, thank you very much for this impressive review. We are going to
process all your comments as soon as possible by separating our answers in
different e-mails so that the discussion is easier to follow.
In any case, we would like to answer first to your initial question
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-04.txt
> Fecha: 11 de marzo de 2019, 20:54:28 CET
> Para: "Fernando Pereniguez-Garcia" , "Rafa
> Marin-Lopez" , "Rafael Lopez" , "Gabriel
> Lopez-Millan"
>
>
> A new version of I-
t; https://www.ietf.org/mailman/listinfo/yang-doctors
>>> <https://www.ietf.org/mailman/listinfo/yang-doctors>
>> Mahesh Jethanandani
>> mjethanand...@gmail.com <mailto:mjethanand...@gmail.com>
>>
>>
>>
>> _
Dear all:
As one of the authors of this document, I am not aware of any IPRs related with
it.
Best Regards.
> El 17 abr 2019, a las 16:54, Linda Dunbar escribió:
>
> Hello Working Group,
>
> This email starts a four weeks Working Group Last Call on
>
o use the number of packets lifetime instead of
having this new threshold (in xfrm we have seen replay_maxdiff and
replay_maxage as such as threshold).
Best Regards.
>
> Paul
>
> _______
> I2nsf mailing list
> I2nsf@ietf.org
> https://ww
t;>
>
> _______
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
---
Rafa Marin-Lopez, PhD
Dept. Information and
Hi Tero:
> El 4 jun 2019, a las 11:40, Tero Kivinen escribió:
>
> Rafa Marin-Lopez writes:
>> Hi Tero, Paul:
>>
>>El 2 jun 2019, a las 17:09, Paul Wouters escribió:
>>
>>On Sun, 2 Jun 2019, Tero Kivinen wrote:
>>
>>I.e
Hi Paul:
Please see some additional comments inline:
snip
>
>> It can also instruct the affected NSF to send IKEv2 INITIAL_CONTACT.
>>
>> I think this is something the IKEv2 implementation would determine on
>> its own.
>> I would remove the sentence or change it to say the
Hi Linda:
> El 21 may 2019, a las 23:02, Linda Dunbar escribió:
>
> Gabriel and Rofa,
>
> Just to clarify: the purpose of asking you changing from "container.." to
> "grouping.." is for "i2nsf-nsf-facing-interface-dm" to the "ikev2" and
> "ietf-ipsec" structure defined in
ch protocol to include.
Best Regards.
> My two cents.
>
> Linda
>
>
>
> On Tue, May 21, 2019 at 3:02 AM Rafa Marin-Lopez <mailto:r...@um.es>> wrote:
> Hi Linda:
>
> In order to see whether we are in the same page here I would like to ask a
&
pe
> ic:integrity-algorithm-t; description "authentication algorithm of the
> expired SA"; }
>
> So if you keep AEAD as a seperate entry, you also need a leaf here for it.
[Authors] If the encryption-algorithm is AEAD the
authentication(integrity)-algorithm will not contain any algorit
” to specify the value).
>
> By the way, if you do want to register to IANA, you can send the following
> request which can be easily done.
>
> https://www.iana.org/form/protocol-assignment
> <https://www.iana.org/form/protocol-assignment>
>
>
> Cheers,
>
Dear Martin:
Thank you very much for your review. Our comments inline.
> El 17 abr 2019, a las 17:54, Martin Björklund via Datatracker
> mailto:nore...@ietf.org>> escribió:
>
> Reviewer: Martin Björklund
> Review result: Not Ready
>
> This is my YANG doctor review of
>
t;
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Interface to Network Security Functions WG
> of the IETF.
>
>Title : Software-Defined Networking (SDN)-based
> Asunto: New Version Notification for
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-06.txt
> Fecha: 29 de julio de 2019, 19:33:32 CEST
> Para: "Fernando Pereniguez-Garcia" , "Rafa
> Marin-Lopez" , "Rafael Lopez" , "Gabriel
> Lopez-Millan&q
>> (or near real-time) tasks as it may happen in IKE-less case,
>> then this problem may become serious.
>>
>> Anyway, I'm happy with the updated text, thank you.
>> However, in a following document(s), suggested by Yoav,
>> I'd like to see more concrete a
t;>> (or near real-time) tasks as it may happen in IKE-less case,
>>> then this problem may become serious.
>>>
>>> Anyway, I'm happy with the updated text, thank you.
>>> However, in a following document(s), suggested by Yoav,
>>> I'd
ill wait with requesting publication until the I2NSF session next week.
> Between now and then, please re-read the draft and send a message to the list
> is something is seriously wrong.
>
> Barring any such shouting, we will request publication right after the
> meeting.
>
>
>> I didn't find this discussion in the draft (sorry if I missed it).
>>
>> Regards,
>> Valery.
>>
>>
>>
>>
>> Thanks for getting this done and published.
>>
>> We will wait with requesting publication until the I2NSF s
Hi Tero:
> El 22 jul 2019, a las 16:52, Tero Kivinen escribió:
>
> Rafa Marin-Lopez writes:
>> We submitted a new version of the I-D (v05) where we have applied several
>> changes. In the following you have a summary of the main changes, which we
>> will expand/expl
nd Section 7 of [8192] doesn't mention the security controller at
> all.
>
> (42) Section 9.1. Should configurations adhere to the algorithm
> recommendations of RFC8247?
>
> (43) Section 9.1 and 9.2. Per "The general recommendation is that the
> Security Controller MUST
..@ietf.org>> On Behalf Of Lou Berger
>>>>> Sent: 27 September 2020 15:26
>>>>> To: Christian Hopps mailto:cho...@chopps.org>>;
>>>>> Martin Björklund mailto:mbj+i...@4668.se>>
>>>>> Cc: Robert Wilton >>>
om: yang-doctors On Behalf Of Lou Berger
> Sent: 27 September 2020 15:26
> To: Christian Hopps ; Martin Björklund
> Cc: Robert Wilton ; i2nsf@ietf.org;
> Gabriel Lopez ;
> draft-ietf-i2nsf-sdn-ipsec-flow-protection@ietf.org; ip...@ietf.org;
> last-c...@ietf.org; Rafa
Hi Christian (, Rob):
Thanks for your comments. We really appreciate them. Please see some comments
inline.
> El 12 oct 2020, a las 22:21, Christian Hopps escribió:
>
>
>
>> On Oct 12, 2020, at 3:07 PM, Rafa Marin-Lopez > <mailto:r...@um.es>> wrote:
>>
a las 20:15, internet-dra...@ietf.org escribió:
>
>
> A new version of I-D, draft-ietf-i2nsf-sdn-ipsec-flow-protection-09.txt
> has been successfully submitted by Rafa Marin-Lopez and posted to the
> IETF repository.
>
> Name: draft-ietf-i2nsf-sdn-ipsec
Hi Tom:
Please see our comments inline:
> El 28 sept 2020, a las 11:33, tom petch escribió:
>
> On 28/09/2020 10:01, Rafa Marin-Lopez wrote:
>> Hi Rob, Tom:
>>
>> Renaming the modules sounds reasonable. With regard to have a different
>> prefix, it is
default value and w/o an explanation of what happens if that leaf
>>> is not set. You should find those and either make them mandatory,
>>> add a default value, or explain what it means when it isn't set.
>>> As an example,
>>&
ee as a source of confusion. If this
> is nsf specific, then I would suggest nsfike although nsfikeless then seems a
> bit long.
>
> Tom Petch
>
>> Regards,
>> Rob
>>
>>
>> From: Rafa Marin-Lopez mailto:r...@um.es>>
>> Sent: 23 September
he YANG model in the I-D has tried to reflect this
discussion. It was never the intention to provide a general YANG model for
IPsec.
Best Regards.
> Thanks,
> Rob
>
>
> From: Rafa Marin-Lopez
> Sent: 22 September 2020 14:05
> To: Rob Wilton (rwilton)
> Cc: Rafa Marin
Your text is better.
>
> (44) Section 9.1. Editorial. s/One option is to return always /One
> option is to always return .../
>
> (45) Section 9.1. Per "Moreover, the PSK MUST have a proper length (e.g.
> minimum 128 bit lengt
be.
>
> The example IPv6 address in the YANG module has :0:0: which is usually just ::
Fixed.
If you have any further comments, please let us know so we can include them in
-12
Best Regards.
>
> And I have some way to go still.
>
> Tom Petch
>
> On 22/10/2020 18:
r. We hope these clarifications help to understand the motivation of
defining the YANG model in this way.
Best Regards and many thanks.
>
> Thanks,
> Chris.
>
---
Rafa Marin-Lopez, PhD
Dept. Info
ernet-dra...@ietf.org> escribió:
>
>
> A new version of I-D, draft-ietf-i2nsf-sdn-ipsec-flow-protection-08.txt
> has been successfully submitted by Rafa Marin-Lopez and posted to the
> IETF repository.
>
> Name: draft-ietf-i2nsf-sdn-ipsec-flow-protection
> Revision:
n their names to make clear they aren't trying to, and can't
> be the base model for general IPsec use. Right now you are naming your
> modules "ietf-ipsec-common", "ietf-ipsec-ike", "ietf-ipsec-ikeless" which
> doesn't indicate the heavy SDN focus that the models
rect. RFC 6040 is the proper reference.
Best Regards.
>
>
>
>
>
> ___
> I2nsf mailing list
> I2nsf@ietf.org
> https://ww
he I2NSF Controller
configures in the NSFs. Similarly, the encryption algorithms used in the
security association between I2NSF Controller and the NSF MUST have, at least,
the same strength as the algorithms used to establish the IPsec SAs.”
Is this reasonable?
Best Regards.
>
>
Dear Erik:
This e-mail is just to confirm that you received our answer regarding your
review.
Best Regards and thanks again.
> Inicio del mensaje reenviado:
>
> De: Rafa Marin-Lopez
> Asunto: Re: [I2nsf] Erik Kline's Discuss on
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-12
Dear Magnus:
> El 27 nov 2020, a las 9:56, Magnus Westerlund
> escribió:
>
> Hi,
>
> Please see below.
>
> On Wed, 2020-11-25 at 14:48 +, Magnus Westerlund wrote:
>>
>> On Mon, 2020-11-23 at 19:19 +0100, Rafa Marin-Lopez wrote:
>>> Dear
e document, probably as a new section
> before
> section 7 (IANA considerations).
>
> Regards,
> Rob
>
>
>
> ___
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf
--
Dear Magnus:
Please see our comments inline:
> El 1 dic 2020, a las 14:56, Magnus Westerlund
> escribió:
>
> Hi,
>
> Please see inline.
>
> On Tue, 2020-12-01 at 13:46 +0100, Rafa Marin-Lopez wrote:
>> Dear Magnus:
>>
>>> El 27 nov 2020, a las
Dear Magnus:
Just to check we came to a conclusion to this discussion. Please see below.
> El 1 dic 2020, a las 18:28, Magnus Westerlund
> escribió:
>
> Hi,
>
> See inline.
>
> On Tue, 2020-12-01 at 16:44 +0100, Rafa Marin-Lopez wrote:
>> Dear Magnus:
>>
can use that.
>
> [ section 6.2 ]
>
> * s/Notificsation/Notification/
Fixed.
>
> * s/conform/constitute/g?
Fixed.
>
> [ appendix A ]
>
> * "NOT ESP encapsulation." -> "NO ESP encapsulation.", perhaps
Fixed.
>
> [ appendix B ]
>
Hi Tom:
> El 28 oct 2020, a las 19:02, tom petch escribió:
>
> On 28/10/2020 10:42, Rafa Marin-Lopez wrote:
>> Hi Tom:
>>
>> Thank you very much for your insight. It is very helpful. Please see our
>> comments/questions inline.
>>
>>>
Hi Tom:
Thank you very much again. See our comments inline:
> El 29 oct 2020, a las 18:06, tom petch escribió:
>
> Back to routine comments on this I-D; I don't think that any of my earlier
> ones are unresolved.
>
> On 29/10/2020 11:23, Rafa Marin-Lopez wrote:
>> H
de octubre de 2020, 15:32:50 CEST
> Para: "Fernando Pereniguez-Garcia" , "Rafael
> Lopez" , "Gabriel Lopez-Millan" , "Rafa
> Marin-Lopez"
>
>
> A new version of I-D, draft-ietf-i2nsf-sdn-ipsec-flow-protection-11.txt
> has been
"Gabriel Lopez-Millan" , "Rafa Marin-Lopez" ,
> "Rafael Lopez" , "Fernando Pereniguez-Garcia"
>
>
>
> A new version of I-D, draft-ietf-i2nsf-sdn-ipsec-flow-protection-10.txt
> has been successfully submitted by Rafa Marin-Lopez and post
top thinking about it.
Thank you very much for all your effort with this.
Best Regards.
>
> Tom Petch
>
>
> On 28/10/2020 10:42, Rafa Marin-Lopez wrote:
>> Hi Tom:
>
>
>
>
> ___
> I2nsf mailing list
&g
2lopez/ <https://www.linkedin.com/in/dr2lopez/>
>
> e-mail: diego.r.lo...@telefonica.com <mailto:diego.r.lo...@telefonica.com>
> Mobile: +34 682 051 091
> --
>
> On 14/06/2021, 09:24, "I2nsf on behalf of Rafa Marin-Lopez&
;>>> Hi Diego.
>>>>>
>>>>>> El 14 jun 2021, a las 16:47, Diego R. Lopez
>>>>>> escribió:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> It looks reasonable to me, but I wonder w
//www.rfc-editor.org/authors/rfc9061.form.xml
>
>
> Tracking progress
> -
>
> The details of the AUTH48 status of your document are here:
> https://www.rfc-editor.org/auth48/rfc9061
>
> Please let us know if you have any questions.
>
> Thank you for yo
ined
>>> Networking (SDN)
>>
>> The title seems ok to me.
>>
>> Best regards, Gabi.
>>
>>
>>>
>>> Be goode,
>>>
>>> --
>>> "Esta vez no fallaremos, Doctor Infierno"
>>>
>>>
t; Dear Alanna,
>>>
>>> I have revised the last version of the document and all the changes are ok
>>> to me.
>>>
>>> Thank you very much for your work.
>>>
>>> Regards,
>>> Fernando.
>>>
>>> E
dressed to either the
> author of the RFC in question, or to rfc-edi...@rfc-editor.org. Unless
> specifically noted otherwise on the RFC itself, all RFCs are for
> unlimited distribution.
>
>
> The RFC Editor Team
> Association Management Solutions, LLC
>
>
> _
t;> Subject: [I2nsf] IETF 114 I2NSF agenda uploaded
>>
>>
>>
>>
>>
>> I2NSF WG,
>>
>>
>>
>> Here is the agenda for next week’s I2NSF session (Tuesday).
>>
>>
>>
>> https://datatracker.ietf.org/doc/agend
t-marin-yang-edhoc-oscore-00.txt
> Fecha: 28 de febrero de 2023, 6:53:41 CET
> Para: "Alex Fernandez"
> , "Gabriel
> Lopez-Millan" , "Laurent Toutain"
> , "Rafa Marin-Lopez" , "Rafael
> Marin-Lopez"
>
>
> A new versi
79 matches
Mail list logo