Re: [IPsec] Martin Duke's Discuss on draft-ietf-ipsecme-iptfs-13: (with DISCUSS and COMMENT)

2022-08-10 Thread Christian Hopps
Martin Duke writes: Thanks for the explanation of the half-duplex mode. Would it be too much to include the following requirements? You seem to think they are redundant but they are not obvious to me from reading the text. Senders MUST encode a BlockLength consistent with the immediately

Re: [IPsec] Fwd: New Version Notification for draft-moskowitz-ipsecme-ipseckey-eddsa-02.txt

2022-08-10 Thread Michael Richardson
Robert Moskowitz wrote: > Here is the latest revision. > Should this draft be adopted by the workgroup for 'proper' document > advancing? adopt it, and WGLC it. It's done.

Re: [IPsec] Warren Kumari's Discuss on draft-ietf-ipsecme-rfc8229bis-07: (with DISCUSS)

2022-08-10 Thread Warren Kumari
On Wed, Aug 10, 2022 at 5:39 PM, Valery Smyslov wrote: > Please see inline. > > > > On Wed, Aug 10, 2022 at 4:37 PM, Valery Smyslov < svan@ > elvis.ru> wrote: > > Hi Warren, > > thank you for this discussion, please see inline. > > Warren Kumari has entered the following ballot position for >

[IPsec] Warren Kumari's Yes on draft-ietf-ipsecme-rfc8229bis-07: (with COMMENT)

2022-08-10 Thread Warren Kumari via Datatracker
Warren Kumari has entered the following ballot position for draft-ietf-ipsecme-rfc8229bis-07: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to

[IPsec] Fwd: New Version Notification for draft-moskowitz-ipsecme-ipseckey-eddsa-02.txt

2022-08-10 Thread Robert Moskowitz
Here is the latest revision. Should this draft be adopted by the workgroup for 'proper' document advancing? thanks Bob Forwarded Message Subject: New Version Notification for draft-moskowitz-ipsecme-ipseckey-eddsa-02.txt Date: Wed, 10 Aug 2022 14:45:05 -0700 From:

Re: [IPsec] Warren Kumari's Discuss on draft-ietf-ipsecme-rfc8229bis-07: (with DISCUSS)

2022-08-10 Thread Valery Smyslov
Please see inline. On Wed, Aug 10, 2022 at 4:37 PM, Valery Smyslov < s...@elvis.ru> wrote: Hi Warren, thank you for this discussion, please see inline. Warren Kumari has entered the following ballot position for draft-ietf-ipsecme-rfc8229bis-07: Discuss When

Re: [IPsec] Fwd: New Version Notification for draft-moskowitz-ipsecme-ipseckey-eddsa-01.txt

2022-08-10 Thread Robert Moskowitz
On 8/10/22 16:45, Paul Wouters wrote: On Aug 10, 2022, at 16:07, Robert Moskowitz wrote: On 8/10/22 16:04, Paul Wouters wrote: Robert Moskowitz wrote: I think I could have the IANA Considerations have a fix for 1 - 3 as well as add 4. Please do. I talked to IANA and they agreed

Re: [IPsec] Warren Kumari's Discuss on draft-ietf-ipsecme-rfc8229bis-07: (with DISCUSS)

2022-08-10 Thread Warren Kumari
On Wed, Aug 10, 2022 at 4:37 PM, Valery Smyslov wrote: > Hi Warren, > > thank you for this discussion, please see inline. > > Warren Kumari has entered the following ballot position for > draft-ietf-ipsecme-rfc8229bis-07: Discuss > > When responding, please keep the subject line intact and reply

Re: [IPsec] Fwd: New Version Notification for draft-moskowitz-ipsecme-ipseckey-eddsa-01.txt

2022-08-10 Thread Paul Wouters
> On Aug 10, 2022, at 16:07, Robert Moskowitz wrote: > > > >> On 8/10/22 16:04, Paul Wouters wrote: >>> Robert Moskowitz wrote: >>> I think I could have the IANA Considerations have a fix for 1 - 3 as well as add 4. >> Please do. I talked to IANA and they agreed this was the

Re: [IPsec] Warren Kumari's Discuss on draft-ietf-ipsecme-rfc8229bis-07: (with DISCUSS)

2022-08-10 Thread Valery Smyslov
Hi Warren, thank you for this discussion, please see inline. > Warren Kumari has entered the following ballot position for > draft-ietf-ipsecme-rfc8229bis-07: Discuss > > When responding, please keep the subject line intact and reply to all email > addresses included in the To and CC lines.

Re: [IPsec] Fwd: New Version Notification for draft-moskowitz-ipsecme-ipseckey-eddsa-01.txt

2022-08-10 Thread Robert Moskowitz
On 8/10/22 16:04, Paul Wouters wrote: Robert Moskowitz wrote: I think I could have the IANA Considerations have a fix for 1 - 3 as well as add 4. Please do. I talked to IANA and they agreed this was the easiest solution. Should it be: * public key * Public key * Public Key ??

Re: [IPsec] Fwd: New Version Notification for draft-moskowitz-ipsecme-ipseckey-eddsa-01.txt

2022-08-10 Thread Paul Wouters
> > Robert Moskowitz wrote: > >> I think I could have the IANA Considerations have a fix for 1 - 3 as >> well as add 4. Please do. I talked to IANA and they agreed this was the easiest solution. Paul

Re: [IPsec] Martin Duke's Discuss on draft-ietf-ipsecme-iptfs-13: (with DISCUSS and COMMENT)

2022-08-10 Thread Martin Duke
Thanks for the explanation of the half-duplex mode. Would it be too much to include the following requirements? You seem to think they are redundant but they are not obvious to me from reading the text. Senders MUST encode a BlockLength consistent with the immediately preceding packet.

[IPsec] Warren Kumari's Discuss on draft-ietf-ipsecme-rfc8229bis-07: (with DISCUSS)

2022-08-10 Thread Warren Kumari via Datatracker
Warren Kumari has entered the following ballot position for draft-ietf-ipsecme-rfc8229bis-07: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to

Re: [IPsec] Martin Duke's Discuss on draft-ietf-ipsecme-iptfs-13: (with DISCUSS and COMMENT)

2022-08-10 Thread Christian Hopps
Martin Duke writes: Comments inline. On Tue, Aug 9, 2022 at 8:56 PM Christian Hopps wrote: Thanks for the thorough review! Comments inline.. Martin Duke via Datatracker writes: > (6) As malformed packets are sometimes an attack vector, it would be good to > specify

Re: [IPsec] Fwd: New Version Notification for draft-moskowitz-ipsecme-ipseckey-eddsa-01.txt

2022-08-10 Thread Michael Richardson
Robert Moskowitz wrote: >> I think it should have public and an errata could be filed for 1-3 ? >> Or we can draft a separate draft for encoding algo 14 (digital >> signatures) that also fixes up these entries ? >> >> Or this draft could fix them ? Maybe the chairs or AD

Re: [IPsec] Fwd: New Version Notification for draft-moskowitz-ipsecme-ipseckey-eddsa-01.txt

2022-08-10 Thread Michael Richardson
Paul Wouters wrote: >> On Aug 10, 2022, at 10:30, Robert Moskowitz >> wrote: >> >> I will fix my example. Do you think I should have both examples: with >> and without gateway? > No. First because you are not tunneling and it doesn’t apply to you and > second

Re: [IPsec] Can you review draft-ietf-ipsecme-iptfs as it is about tunnels

2022-08-10 Thread Christian Hopps
I'll paraphrase what I replied to on the ballot proposal deferment thread: We designed the encapsulation with IPsec/IP-TFS (IP traffic flow security) in mind. This work defines sending fixed-sized packets at a constant rate specifically decoupled from the user load to achieve a high degree of

Re: [IPsec] Martin Duke's Discuss on draft-ietf-ipsecme-iptfs-13: (with DISCUSS and COMMENT)

2022-08-10 Thread Martin Duke
Comments inline. On Tue, Aug 9, 2022 at 8:56 PM Christian Hopps wrote: > > Thanks for the thorough review! Comments inline.. > > Martin Duke via Datatracker writes: > > > (6) As malformed packets are sometimes an attack vector, it would be > good to > > specify behavior in response to

Re: [IPsec] WGLC of draft-ietf-ipsecme-add-ike

2022-08-10 Thread Tommy Pauly
I’ve done a review pass of this document. In general, I think it is technically good. I did find several places where I think additional clarity or editorial improvements could be made. To address these, I’ve proposed the following pull request:

[IPsec] Can you review draft-ietf-ipsecme-iptfs as it is about tunnels

2022-08-10 Thread Eric Vyncke (evyncke)
Dear intarea/int-dir, I have a request for you about https://datatracker.ietf.org/doc/draft-ietf-ipsecme-iptfs/ While the draft name looks like it is about IPsec, it appears to me as an “aggregation and fragmentation” tunneling mechanism [1], i.e., it uses the ESP Next-header field (an IP

Re: [IPsec] Fwd: New Version Notification for draft-moskowitz-ipsecme-ipseckey-eddsa-01.txt

2022-08-10 Thread Robert Moskowitz
Paul, On 8/10/22 11:09, Paul Wouters wrote: On Aug 10, 2022, at 10:30, Robert Moskowitz wrote: I will fix my example.  Do you think I should have both examples: with and without gateway? No. First because you are not tunneling and it doesn’t apply to you and second because it can

Re: [IPsec] Fwd: New Version Notification for draft-moskowitz-ipsecme-ipseckey-eddsa-01.txt

2022-08-10 Thread Paul Wouters
> On Aug 10, 2022, at 10:30, Robert Moskowitz wrote: > > I will fix my example. Do you think I should have both examples: with and > without gateway? No. First because you are not tunneling and it doesn’t apply to you and second because it can only be set for IPSECKEY records in the

Re: [IPsec] Fwd: New Version Notification for draft-moskowitz-ipsecme-ipseckey-eddsa-01.txt

2022-08-10 Thread Robert Moskowitz
Tero, Thanks for the review. On 8/9/22 11:46, Tero Kivinen wrote: Robert Moskowitz writes: This latest ver is in response to comments received. Please review Appendix A that I have the RR properly set up. I think the priority needs to be in decimal, and you are missing the gateway address.

Re: [IPsec] Martin Duke's No Objection on draft-ietf-ipsecme-rfc8229bis-07: (with COMMENT)

2022-08-10 Thread Martin Duke
Sounds good to me, we're all set modulo the thread with Joe. On Wed, Aug 10, 2022, 01:25 Valery Smyslov wrote: > Hi Martin, > > > > please see inline. > > > > On Mon, Aug 8, 2022 at 5:12 AM Valery Smyslov wrote: > > > > > (Sec 9.1) > > "TCP-in-TCP can also lead to "TCP meltdown", where stacked

Re: [IPsec] Paul Wouters' Yes on draft-ietf-ipsecme-rfc8229bis-07: (with COMMENT)

2022-08-10 Thread Valery Smyslov
Hi Paul, thank you for the very thorough review (as usual) :-). Please see inline. > Paul Wouters has entered the following ballot position for > draft-ietf-ipsecme-rfc8229bis-07: Yes > > When responding, please keep the subject line intact and reply to all email > addresses included in the To

[IPsec] I-D Action: draft-ietf-ipsecme-yang-iptfs-07.txt

2022-08-10 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions WG of the IETF. Title : A YANG Data Model for IP Traffic Flow Security Authors : Don Fedyk

Re: [IPsec] Éric Vyncke's Yes on draft-ietf-ipsecme-rfc8229bis-07: (with COMMENT)

2022-08-10 Thread Eric Vyncke (evyncke)
Goedendag Paul, ;-) Thank you for your reply, Valery has also replied to my comments (and I agree with Valery's reply). Have a look below for EV> Regards -éric On 10/08/2022, 02:40, "Paul Wouters" wrote: On Tue, 9 Aug 2022, Éric Vyncke via Datatracker wrote: > ### Section 3 No

Re: [IPsec] Éric Vyncke's Yes on draft-ietf-ipsecme-rfc8229bis-07: (with COMMENT)

2022-08-10 Thread Eric Vyncke (evyncke)
Hello Valery, Thanks again for the discussion, it should help improving the I-D. Look below for EV2> Cheers -éric On 09/08/2022, 18:03, "Valery Smyslov" wrote: Éric, please see my comments below. For readability I removed some of the stuff we agreed upon. > Hello Valery, >

Re: [IPsec] Martin Duke's No Objection on draft-ietf-ipsecme-rfc8229bis-07: (with COMMENT)

2022-08-10 Thread Valery Smyslov
Hi Martin, please see inline. On Mon, Aug 8, 2022 at 5:12 AM Valery Smyslov < s...@elvis.ru> wrote: > > (Sec 9.1) > "TCP-in-TCP can also lead to "TCP meltdown", where stacked instances >of TCP can result in significant impacts to performance >