Re: [IPsec] Dnsdir last call review of draft-ietf-ipsecme-add-ike-09

2023-03-20 Thread Tero Kivinen
mohamed.boucad...@orange.com writes: > As you can see at https://tinyurl.com/add-ike-latest, the note is > updated as follows: > > Note: [RFC8598] requires INTERNAL_IP6_DNS (or INTERNAL_IP4_DNS) > attribute to be mandatory present when INTERNAL_DNS_DOMAIN is > included. This

Re: [IPsec] Dnsdir last call review of draft-ietf-ipsecme-add-ike-09

2023-03-20 Thread mohamed.boucadair
Hi Tero, As you can see at https://tinyurl.com/add-ike-latest, the note is updated as follows: Note: [RFC8598] requires INTERNAL_IP6_DNS (or INTERNAL_IP4_DNS) attribute to be mandatory present when INTERNAL_DNS_DOMAIN is included. This specification relaxes that constraint

Re: [IPsec] Dnsdir last call review of draft-ietf-ipsecme-add-ike-09

2023-03-20 Thread Tero Kivinen
Valery Smyslov writes: > > I mean if initiator proposes: > > > >CP(CFG_REQUEST) = > > INTERNAL_IP6_ADDRESS() > > ENCDNS_IP6() > > ENCDNS_DIGEST_INFO(0, (SHA2-256, SHA2-384, SHA2-512)) > > INTERNAL_DNS_DOMAIN() > > > > to indicate that it only wants to talk ENCDNS server,

Re: [IPsec] Dnsdir last call review of draft-ietf-ipsecme-add-ike-09

2023-03-20 Thread Valery Smyslov
Hi Tero, > mohamed.boucad...@orange.com writes: > > > But my understanding is that this is not the case here, as if you > > > send INTERNAL_DNS_DOMAIN without INTERNAL_IP*_DNS but with > > > ENCDNS_IP* to implementations supporting old RFC, > > > > [Med] Responders know when it will break. They

Re: [IPsec] Dnsdir last call review of draft-ietf-ipsecme-add-ike-09

2023-03-19 Thread Tero Kivinen
mohamed.boucad...@orange.com writes: > > But my understanding is that this is not the case here, as if you > > send INTERNAL_DNS_DOMAIN without INTERNAL_IP*_DNS but with > > ENCDNS_IP* to implementations supporting old RFC, > > [Med] Responders know when it will break. They will basically supply

Re: [IPsec] Dnsdir last call review of draft-ietf-ipsecme-add-ike-09

2023-03-17 Thread mohamed.boucadair
Hi Tero, Please see inline. Cheers, Med > -Message d'origine- > De : Tero Kivinen > Envoyé : vendredi 17 mars 2023 14:29 > À : BOUCADAIR Mohamed INNOV/NET > Cc : Patrick Mevzek ; > dns...@ietf.org; draft-ietf-ipsecme-add-ike@ietf.org; > ipsec@ietf.org; last-c...@ietf.org > Objet :

Re: [IPsec] Dnsdir last call review of draft-ietf-ipsecme-add-ike-09

2023-03-17 Thread Tero Kivinen
mohamed.boucad...@orange.com writes: > > At the IETF process level, which I don't master, because of last > > note in §4, shouldn't that document explicitly say it updates > > RFC8598? > > [Med] We discussed this point at the time (and I was personally for > adding the header), but we didn't

Re: [IPsec] Dnsdir last call review of draft-ietf-ipsecme-add-ike-09

2023-03-17 Thread mohamed.boucadair
Hi Patrick, Thank you for the careful review. Really appreciated. A candidate version to address your review can be seen at: https://tinyurl.com/add-ike-latest. Let's us know if any further change is needed. Please see inline for more context. Cheers, Med > -Message d'origine- > De