Re: [IPsec] Populating ID_DER_ASN1_DN

2009-09-17 Thread Yoav Nir
On Sep 17, 2009, at 5:33 AM, David Wierbowski wrote: Section 3.1.5 of RFC 4945 states that when generating an ID type of ID_DER_ASN1_DN that implementations MUST populate the contents of ID with the Subject field from the end-entity certificate, and MUST do so such that a binary

Re: [IPsec] Call for Review on draft-kanno-ipsecme-camellia-xcbc

2009-09-17 Thread Tadayuki Abraham HATTORI
Indeed, the matter is strongly related with theoretical proof of evolution of human intelligence. Discussion of evolution of human intelligence is indeed a discussion about THE NEXT OF COPENHAGEN INTERPRETATION. // We should NOT let WIDE steal ideas. :-) Indeed, it may be possible to

Re: [IPsec] Call for Review on draft-kanno-ipsecme-camellia-xcbc

2009-09-17 Thread Yaron Sheffer
Gentlemen, This is way out of scope of the IPsec mailing list. Please take this discussion elsewhere. Best regards, Yaron -Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Tadayuki Abraham HATTORI Sent: Thursday, September 17,

[IPsec] Working Group Last Call: draft-ietf-ipsecme-aes-ctr-ikev2-02.txt

2009-09-17 Thread Tero Kivinen
Paul Hoffman writes: Greetings again. This message starts the WG Last Call on draft-ietf-ipsecme-aes-ctr-ikev2-02.txt. Please read the draft and comment on the list whether or not you think it is ready for standardization. We are particularly interested in hearing from implementers who have

[IPsec] AD review comments for draft-ietf-ipsecme-traffic-visibility

2009-09-17 Thread Pasi.Eronen
I've now done my AD review for draft-ietf-ipsecme-traffic-visibility-08. I have two substantive comments, and a bunch of minor clarifications/nits. The substantive comments first: - A question: did the WG discuss the pros and cons of integrity protecting the WESP header? (This does make WESP

Re: [IPsec] Working Group Last Call: draft-ietf-ipsecme-aes-ctr-ikev2-02.txt

2009-09-17 Thread Paul Hoffman
At 2:23 PM +0300 9/17/09, Tero Kivinen wrote: When reading the roadmap I noticed that camellia-ctr is also not defined for IKEv2 SAs, so I was wondering if the text in this document could be made generic enough so any counter mode cipher could be used. It is not clear to me that future counter

Re: [IPsec] Issue #26: Missing treatment of error cases

2009-09-17 Thread Paul Hoffman
At 3:51 PM +0300 9/16/09, Tero Kivinen wrote: For example the text could look something like this: -- Yoav, does Tero's proposed new text work for you? --Paul Hoffman, Director --VPN Consortium

[IPsec] Protocol Action: 'Redirect Mechanism for IKEv2' to Proposed Standard

2009-09-17 Thread The IESG
The IESG has approved the following document: - 'Redirect Mechanism for IKEv2' draft-ietf-ipsecme-ikev2-redirect-13.txt as a Proposed Standard This document is the product of the IP Security Maintenance and Extensions Working Group. The IESG contact persons are Tim Polk and Pasi Eronen.

[IPsec] WG last call: draft-ietf-ipsecme-esp-null-heuristics-01

2009-09-17 Thread Yaron Sheffer
This is to begin a 2 week working group last call for draft-ietf-ipsecme-esp-null-heuristics-01. The target status for this document is Informational. Please send your comments to the ipsec list by Oct. 1, 2009, as follow-ups to this message. Note that this document has had very little review

Re: [IPsec] Populating ID_DER_ASN1_DN

2009-09-17 Thread David Wierbowski
Yoav (and also Raj), Thanks for the clarification. The text in 4301 makes sense. What I do not agree with is the text in 4945 that requires implementations MUST be able to perform matching based on a bitwise comparison of the entire DN in ID to its entry in the SPD. I can agree with saying

Re: [IPsec] Populating ID_DER_ASN1_DN

2009-09-17 Thread Yoav Nir
By the time we re-spin RFC 4945, and I'm not saying that we will, it will look silly specifying stuff for IKEv1, so that section will probably be omitted. On Sep 17, 2009, at 11:48 PM, David Wierbowski wrote: Yoav (and also Raj), Thanks for the clarification. The text in 4301 makes sense.