Re: [IPsec] My shepherd review to draft-ietf-ipsecme-ikev2-multiple-ke

Hi Tero, CJ has already made changes to the github copy of the draft (many thanks to him!). Few comments below. > -Original Message- > From: IPsec On Behalf Of Tero Kivinen > Sent: Saturday, June 4, 2022 8:36 PM > To: draft-ietf-ipsecme-ikev2-multiple...@ietf.org > Cc: ipsec@ietf.org >

[IPsec] I-D Action: draft-ietf-ipsecme-ikev1-algo-to-historic-05.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions WG of the IETF. Title : Deprecation of IKEv1 and obsoleted algorithms Author : Paul Wouters

[IPsec] I-D Action: draft-ietf-ipsecme-ikev1-algo-to-historic-04.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions WG of the IETF. Title : Deprecation of IKEv1 and obsoleted algorithms Author : Paul Wouters

[IPsec] My shepherd review of draft-ietf-ipsecme-ikev1-algo-to-historic

In the introduction there is text: Algorithm implementation requirements and usage guidelines for IKEv2 [RFC8247] and ESP/AH [RFC8223] gives guidance to implementors but limits that guidance to avoid broken or weak algorithms. but the RFC8223 is completely unrelated to the matter in

Re: [IPsec] Comments: New Version Notification for draft-mglt-ipsecme-diet-esp-08

On Tue, 7 Jun 2022, Daniel Migault wrote: What will it take to add AES-GCM-12 to supported ciphers by IKE (and thus ESP)?  For my use case, I have a hard time seeing why I need a 16-byte ICV.  Even an 30 min operation with streaming video is a limited number of packets.

Re: [IPsec] Comments: New Version Notification for draft-mglt-ipsecme-diet-esp-08

Yes, that what I then realized while reading the first email. At that point a document is needed wich could be pretty straight forward I believe. Yours, Daniel On Tue, Jun 7, 2022 at 8:50 AM Robert Moskowitz wrote: > > > On 6/7/22 08:43, Daniel Migault wrote: > > > > On Tue, Jun 7, 2022 at

Re: [IPsec] Comments: New Version Notification for draft-mglt-ipsecme-diet-esp-08

On Mon, May 16, 2022 at 4:47 PM Robert Moskowitz wrote: > Thanks, Daniel for the update. > > Now some comments. > > The necessary state is held within the IPsec Security Association and > > The document specifies the necessary parameters of the EHC Context to > allow compression of

Re: [IPsec] Comments: New Version Notification for draft-mglt-ipsecme-diet-esp-08

On 6/7/22 08:43, Daniel Migault wrote: On Tue, Jun 7, 2022 at 8:14 AM Robert Moskowitz wrote: Daniel, Back at it, now that ASTM is behind me... what will it take to bring this in line with SCHC.  I don't know SCHC well enough to pick up the differences. We are

Re: [IPsec] Comments: New Version Notification for draft-mglt-ipsecme-diet-esp-08

On Tue, Jun 7, 2022 at 8:14 AM Robert Moskowitz wrote: > Daniel, > > Back at it, now that ASTM is behind me... > > what will it take to bring this in line with SCHC. I don't know SCHC > well enough to pick up the differences. > > We are basically balancing re-using a framework used /

Re: [IPsec] Comments: New Version Notification for draft-mglt-ipsecme-diet-esp-08

Daniel, Back at it, now that ASTM is behind me... what will it take to bring this in line with SCHC.  I don't know SCHC well enough to pick up the differences. What will it take to add AES-GCM-12 to supported ciphers by IKE (and thus ESP)?  For my use case, I have a hard time seeing why I