Re: [IPsec] WGLC on draft-mglt-ipsecme-implicit-iv-04

2017-10-27 Thread Daniel Migault
Hi Tero, Thanks for the review, It should be easy to fix. Yours, Daniel On Fri, Oct 27, 2017 at 11:30 AM, Tero Kivinen wrote: > Waltermire, David A. (Fed) writes: > > This message starts a Working Group Last Call (WGLC) for > > draft-mglt-ipsecme-implicit-iv-04. > > > > The version to be review

Re: [IPsec] Agenda for IETF 100

2017-10-27 Thread Daniel Migault
We support the proposals and will publish the updated documents regarding diet-esp and its associated IKEv2 extension. We believe draft-mglt-ipsecme-diet-esp and draft-ipsecme-ikev2-extention could be a good starting point. The proposed text for the charter could be: A growing number of use cases

Re: [IPsec] Agenda for IETF 100

2017-10-28 Thread Daniel Migault
Hi Valery, Absolutely, Diet-IKE would be a nice item to have in the charter as well, but this is a different item. Currently the work on compressing esp has two items: * draft-mglt-ipsecme-diet-esp defines how to esp. * draft-mglt-ipsecme-ikev2-diet-esp-extension defines how peers agree on using die

Re: [IPsec] Agenda for IETF 100

2017-10-29 Thread Daniel Migault
Hi, A few years ago, we worked on fail-over, load balancing.. [1] and would be happy to help. Yours, Daniel [1] https://tools.ietf.org/html/draft-plmrs-ipsecme-ipsec-ikev2-context-definition-01 On Sun, Oct 29, 2017 at 2:55 AM, Valery Smyslov wrote: > Hi, > > The problem with IKE Redirect is t

Re: [IPsec] WGLC on draft-mglt-ipsecme-implicit-iv-04

2017-11-12 Thread Daniel Migault
Hi, This is the text I propose to address Valery's comment regarding the IANA consideration section. Let me know if you have any comment on that. Yours, Daniel 8. IANA Considerations AES-CTR, AES-CCM, AES-GCM and ChaCha20-Poly1305 are likely to implement the implicit IV described in this d

Re: [IPsec] WGLC on draft-mglt-ipsecme-implicit-iv-04

2017-11-12 Thread Daniel Migault
Thanks for the feedback Valery. I am just waiting a bit in order to see if there is a consensus in a) not using suites that badly interfere with some extensions vs b) mentioning the suites must not be used with these extensions. a) is definitively safer, but we may need b) later as well. Yours,

Re: [IPsec] Proposal for using Implicit IV for IKE

2017-11-14 Thread Daniel Migault
I am more inclined to have IIV for IKEv2 in another document and as such we request the IANA to set the "IKEv2 Reference" to UNDEFINED. What about the following text? [RFC8247] recommends the same suites for IKEv2. However some IKEv2 extensions such as [RFC6311] or [RFC7383] allow the Mess

Re: [IPsec] Proposal for using Implicit IV for IKE

2017-11-14 Thread Daniel Migault
siderations): >These algorithms should be added with this document as ESP Reference > and “Not Allowed” for IKEv2 Reference. > > This seems fitting for https://www.iana.org/assignments/ikev2-parameters/ > ikev2-parameters.xhtml#ikev2-parameters-5 > > A new document will change

Re: [IPsec] Proposal for using Implicit IV for IKE

2017-11-14 Thread Daniel Migault
ameters.xhtml#ikev2-parameters-5 > > A new document will change that. > > On 15 Nov 2017, at 10:10, Daniel Migault > wrote: > > I am more inclined to have IIV for IKEv2 in another document and as such we > request the IANA to set the "IKEv2 Reference" to UNDEFINED. >

Re: [IPsec] I-D Action: draft-ietf-ipsecme-implicit-iv-00.txt

2017-12-13 Thread Daniel Migault
Happy to update the document! Any other feedback is welcome as well. Yours, Daniel On Tue, Dec 12, 2017 at 11:53 PM, Paul Wouters wrote: > On Sun, 10 Dec 2017, Tero Kivinen wrote: > > Yes, and I fixed it on 2017-11-27 as can be seen from >> >> https://datatracker.ietf.org/doc/draft-ietf-ips

Re: [IPsec] Review of draft-ietf-ipsecme-implicit-iv-00

2018-03-23 Thread Daniel Migault
Hi David, Thank you for the review. I believe the version 01 [1] addresses your concerns. Yours, Daniel [1] https://tools.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-implicit-iv-01.txt On Thu, Mar 22, 2018 at 1:40 PM, Waltermire, David A. (Fed) < david.walterm...@nist.gov> wrote: > After reviewi

Re: [IPsec] Comments on draft-ietf-ipsecme-implicit-iv

2018-03-27 Thread Daniel Migault
Thank you Scott for your comments. I understand the first comment as a text clarification to comment on the mechanism provided by section 3.5 of RFC6407 and explicitly mention that it does not apply here. Does the replacement below address your concern? OLD: Section 3.5 of [RFC6407] explai

Re: [IPsec] Comments on draft-ietf-ipsecme-implicit-iv

2018-03-27 Thread Daniel Migault
Thanks a lot Scott for the response. I am publishing the draft asap. Yours, Daniel On Tue, Mar 27, 2018 at 2:04 PM, Scott Fluhrer (sfluhrer) < sfluh...@cisco.com> wrote: > > > *From:* mglt.i...@gmail.com *On Behalf Of *Daniel > Migault > *Sent:* Tuesday, March 27, 2018

Re: [IPsec] Comments about draft-ietf-ipsecme-implicit-iv-02

2018-05-09 Thread Daniel Migault
Hi, Thank you Tero for the review. Please find my responses inline. Version 02 of the draft has been updated according to your review. Yours, Daniel On Fri, Apr 6, 2018 at 4:08 PM, Tero Kivinen wrote: > While doing my IANA review on the document I found some small nits > about it. H

Re: [IPsec] Comments about draft-ietf-ipsecme-implicit-iv-02

2018-05-10 Thread Daniel Migault
Hi Tero, Thanks for the response. Version 4 of the draft has been updated with this alternative. Yours, Daniel On Thu, May 10, 2018 at 10:53 AM, Tero Kivinen wrote: > Daniel Migault writes: > > another alternative could be: > > > > As the IV MUST NOT repeat for one

[IPsec] Linux networking conference @Montreal July 11-13

2018-05-24 Thread Daniel Migault
Hi, The Linux networking conference July 11-13 is happening in Montreal right before the IETF July 14 - 20. I thought it might be interesting for some of you to combine these two network related events. https://www.netdevconf.org/0x12/ Accepted sessions are announced on the flow. Some session

[IPsec] Small update on netdev 0x12 conference @IETF102 Montreal

2018-06-11 Thread Daniel Migault
Hi, Please find an update on the netdev 0x12 conference. Topics have been arranged according to IETF areas for more readability by Jamal. The conference is just prior to the IETF 102 and only a 5 minute walk from the IETF location! We hope to see you there! Yours, Daniel -- **Keynote by the

Re: [IPsec] WGLC on draft-ietf-ipsecme-implicit-iv-04

2018-06-18 Thread Daniel Migault
As a co-author, I believe that all comments received so far have been addressed and the resulting document is in good shape for the IESG. Yours, Daniel On Mon, Jun 18, 2018 at 12:00 PM, Waltermire, David A. (Fed) < david.walterm...@nist.gov> wrote: > Please note, this is a follow-up to the previ

Re: [IPsec] WGLC on draft-ietf-ipsecme-implicit-iv-04

2018-06-26 Thread Daniel Migault
Hi Valery, Thanks for the feedback. Here are the updates I propose. If that is fine for everyone, I will update the current draft and publish a new version. Yours, Daniel On Tue, Jun 26, 2018 at 9:22 AM, Valery Smyslov wrote: > Hi, > > I reviewed the draft and I believe it is almost ready. Howe

Re: [IPsec] WGLC on draft-ietf-ipsecme-implicit-iv-04

2018-06-27 Thread Daniel Migault
> Multicast > >if some mechanisms are employed that prevent Sequence Number to overlap > >for one SA, otherwise Implicit IV MUST NOT be used with Multicast. > > > > Regards, > > Valery. > > > > > > *From:* mglt.i...@gmail.com [mailto:mglt.i..

Re: [IPsec] Geneve and IPsec - can we advise them ?

2018-07-12 Thread Daniel Migault
never heard of it ;-) I believe the first draft is documenting a solution implemented by VMware. At least this is my understanding of it. The second one is using a packet format for a Geneve option that looks like AH. I actually do not really see how this could "re-use" IPsec implementation while

Re: [IPsec] draft-carrel-ipsecme-controller-ike-00.txt

2018-07-17 Thread Daniel Migault
As discussed privately. I also like the draft. Yours, Daniel On Tue, Jul 17, 2018 at 6:35 PM, David Carrel (carrel) < carrel=40cisco@dmarc.ietf.org> wrote: > Thanks for the comments Dan. My responses are inline: > > > > 1. It seems both A and B are trusting their receipt of each other's > pub

Re: [IPsec] The LWIG WG has placed draft-mglt-lwig-minimal-esp in state "Call For Adoption By WG Issued"

2018-08-29 Thread Daniel Migault
Hi Heinrich, Thank you for reviewing the draft. Please find my response inline. I believe your concerns are addressed in the draft within the scope of the draft. The work you are mostly looking at would be an efficient TFC / dummy packet policy. This would more probably be in scope of ipsecme WG.

Re: [IPsec] The LWIG WG has placed draft-mglt-lwig-minimal-esp in state "Call For Adoption By WG Issued"

2018-08-31 Thread Daniel Migault
ice. > > This is correct. I mentioned it as maybe a starting point for the specific topic you mentioned. > Ciao > Heinrich > > On Wed, 29 Aug 2018 at 19:17, Daniel Migault > wrote: > >> Hi Heinrich, >> >> Thank you for reviewing the draft. Please find my r

Re: [IPsec] [Lwip] The LWIG WG has placed draft-mglt-lwig-minimal-esp in state "Call For Adoption By WG Issued"

2018-09-04 Thread Daniel Migault
Hi, Just to mention that of course, the draft will be updated to reflect the discussions / clarifications raised on the mailing list. Yours, Daniel On Tue, Sep 4, 2018 at 4:07 AM Mohit Sethi wrote: > Hi Tero, > > You raise some very interesting points here. > > I personally think that the draf

Re: [IPsec] [Lwip] The LWIG WG has placed draft-mglt-lwig-minimal-esp in state "Call For Adoption By WG Issued"

2018-09-07 Thread Daniel Migault
Thanks for the feedback, we will be careful with the wording and make sure we address this. Thanks, Yours, Daniel ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec

Re: [IPsec] Call for WG Adoptation for draft-boucadair-ipsecme-ipv6-ipv4-codes

2018-10-19 Thread Daniel Migault
+1, there seems to be a problem to solve, so I support the adoption. The questions I would raise are: * Do we want to add code and update IKEv2 or do we want to define an extension with IP46_SUPPORTED. For interoperability, the latest may be preferred. * Looking at the code points, I have the impression

Re: [IPsec] Proposals for IPsec Compression Mode for ESP Header Compression (EHC)

2018-10-19 Thread Daniel Migault
Thanks Tobias for bringing this topic. I would rather go with option 2). As EHC is not guaranteed to work for every packet, when a SA using EHC is activated, the host may associate to that SA an alternate SA for traffic where EHC does not apply (SA*). In some cases SA* will not be different from a

Re: [IPsec] Daniel's comments (RE: Call for WG Adoptation for draft-boucadair-ipsecme-ipv6-ipv4-codes)

2018-10-25 Thread Daniel Migault
Thanks for your response, please see my response. Yours, Daniel On Wed, Oct 24, 2018 at 9:11 AM wrote: > Hi Daniel, > > > > Thank you for the comments. > > > > Please see inline. > > > > Cheers, > > Med > > > > *De :* IPsec [mailto

[IPsec] draft-boucadair-ipsecme-ipv6-ipv4-codes (too many codes)

2018-11-07 Thread Daniel Migault
Hi, One of the comments was the number of AF failure errors. I think Med already answered this comment [1], see the question/answer below. If that does not address the question raised today, please describe how the number could be reduced. Please also state whether we should use one status code for

[IPsec] FW: [NetDev-People] 0x13: Registration is now open

2019-01-31 Thread Daniel Migault
Hi, Just to let you know that netdev0x13 is taking place just before the IETF. IPsec is never far away from a kernel conference, so it might be worth attending the conference. If you are presenting, feel free to let us know on that thread! Yours, Daniel -Original Message- From: Jamal Ha

Re: [IPsec] Extra note to IKEv2 Transform registries

2019-02-02 Thread Daniel Migault
For now, I am fine either way (reference or note) as long as the up-to-date recommendations documents are "obviously" visible on the IANA page. If we want to have further changes, I believe we should have a sort of policy document that clarifies / defines the IANA page. In curdle we have long being c

[IPsec] netdev0x13 - ietf related topics

2019-02-16 Thread Daniel Migault
Hi, Please find among many others some IETF related topics [1] that will be discussed at netdev0x13 just before the IETF meeting in Prague. Early bird registration is open until February 20. Netdev 0x13 will be held at Hotel Grandium in Prague, thi

[IPsec] EHC draft on github

2019-03-28 Thread Daniel Migault
Hi, After the presentation we were asked for the link on github. Feel free to comment using github as well. Unfortunately, that is an xml format. https://github.com/mglt/draft-mglt-ipsecme-diet-esp Yours, Daniel

Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing

2019-04-02 Thread Daniel Migault
Hi, Thanks Valery for your comment. My reading of the draft is that it only focuses on the generation of the nonce and leaves the remaining to 4306 [1]. The use of code points different from 4306 is to indicate the implicit IV - as opposed to a new transform. In this case, the negotiation of the

Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing

2019-04-03 Thread Daniel Migault
y with non-supporting peers the > >initiator SHOULD also include those same algorithms without Implicit > >IV (IIV) as separate transforms.. > > > > Regards > > Tobias > > > > > > *Von:* Valery Smyslov > *Gesendet:* Mittwoch, 3. April 2019

Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing

2019-04-03 Thread Daniel Migault
actice). So, I’d rather to remove this > part. > > > > Otherwise my comment is addressed. > > > > Thank you, > > Valery. > > > > > > *From:* Tobias Guggemos [mailto:gugge...@nm.ifi.lmu.de] > *Sent:* Wednesday, April 03, 2019 3:58 PM > *To:* 'Va

Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing

2019-04-03 Thread Daniel Migault
On Wed, Apr 3, 2019 at 11:47 AM Valery Smyslov wrote: > Fine, thank you! > > > > Nit: > > s/including the Key Length/including using the Key Length attribute > > > > > > > > *From:* Daniel Migault [mailto:daniel.miga...@ericsson.com] > *Sent:* Wednesda

Re: [IPsec] draft-ietf-ipsecme-implicit-iv-06 - key length is missing

2019-04-06 Thread Daniel Migault
Just submitted, thank you all for your comments and suggestions! Yours, Daniel On Fri, Apr 5, 2019 at 1:58 PM Tero Kivinen wrote: > Valery Smyslov writes: > > > One additional question came to my mind on whether we update the > > > RFC mentioned above or not. We could consider our document as an

[IPsec] FW: New Version Notification for draft-ietf-lwig-minimal-esp-00.txt

2019-04-07 Thread Daniel Migault
-Original Message- From: internet-dra...@ietf.org Sent: Sunday, April 07, 2019 4:11 PM To: Tobias Guggemos ; Daniel Migault Subject: New Version Notification for draft-ietf-lwig-minimal-esp-00.txt A new version of I-D, draft-ietf-lwig-minimal-esp-00.txt has been successfully submitted

Re: [IPsec] Comments on draft-ietf-lwig-minimal-esp-00

2019-07-21 Thread Daniel Migault
Thanks Scott for the comment. I will address them tomorrow, I am just sharing the review to the lwig list. Yours, Daniel On Sun, Jul 21, 2019 at 8:17 PM Scott Fluhrer (sfluhrer) wrote: > Comments: > > > >- I have issues with the draft’s emphasis on fixed SPI values. One >reason for the

Re: [IPsec] [Gen-art] Genart last call review of draft-ietf-ipsecme-implicit-iv-07

2019-10-15 Thread Daniel Migault
Thanks for the review Alissa. Yours, Daniel On Mon, Oct 14, 2019 at 9:22 AM Alissa Cooper wrote: > Joel, thanks for your review. I entered a No Objection ballot. > > Alissa > > > > On Sep 27, 2019, at 2:31 PM, Joel Halpern via Datatracker < > nore...@ietf.org> wrote: > > > > Reviewer: Joel Halpe

Re: [IPsec] Éric Vyncke's Discuss on draft-ietf-ipsecme-implicit-iv-07: (with DISCUSS and COMMENT)

2019-10-15 Thread Daniel Migault
Hi Éric, Thanks for the review. Please find my response inline as well as the updated text: https://github.com/mglt/draft-mglt-ipsecme-implicit-iv/blob/master/draft-ietf-ipsecme-implicit-iv.txt We will probably publish the new version by tomorrow. Yours, Daniel On Fri, Oct 11, 2019 at 5:16 AM

Re: [IPsec] FW: [secdir] Secdir review of draft-ietf-ipsecme-implicit-iv-07

2019-10-15 Thread Daniel Migault
:53 AM Daniel Migault wrote: > > > -Original Message- > From: secdir On Behalf Of Benjamin Kaduk > Sent: Monday, October 14, 2019 7:35 PM > To: Magnus Nyström > Cc: sec...@ietf.org > Subject: Re: [secdir] Secdir review of draft-ietf-ipsecme-implicit-iv-07 >

Re: [IPsec] Benjamin Kaduk's Discuss on draft-ietf-ipsecme-implicit-iv-07: (with DISCUSS and COMMENT)

2019-10-15 Thread Daniel Migault
Hi Benjamin, Thank you for the review. Please find my response inline as well as the updated text: https://github.com/mglt/draft-mglt-ipsecme-implicit-iv/blob/master/draft-ietf-ipsecme-implicit-iv.txt We will probably publish the new version by tomorrow. Yours, Daniel On Mon, Oct 14, 2019 at 7:

Re: [IPsec] Roman Danyliw's No Objection on draft-ietf-ipsecme-implicit-iv-07: (with COMMENT)

2019-10-15 Thread Daniel Migault
Hi Roman, Thanks for the feedback. Please find my response inline as well as the updated text: https://github.com/mglt/draft-mglt-ipsecme-implicit-iv/blob/master/draft-ietf-ipsecme-implicit-iv.txt We will probably publish the new version by tomorrow. Yours, Daniel On Tue, Oct 15, 2019 at 8:11

Re: [IPsec] Adam Roach's Yes on draft-ietf-ipsecme-implicit-iv-07: (with COMMENT)

2019-10-15 Thread Daniel Migault
Hi Adam, Thanks for the feedback. All your comments have been fixed on the current local version available at: https://github.com/mglt/draft-mglt-ipsecme-implicit-iv/blob/master/draft-ietf-ipsecme-implicit-iv.txt We expect to publish the version tomorrow. Yours, Daniel On Tue, Oct 15, 2019 a

Re: [IPsec] Adam Roach's Yes on draft-ietf-ipsecme-implicit-iv-07: (with COMMENT)

2019-10-17 Thread Daniel Migault
Hi, Just to make everyone aware, we have issued a new version that we hope addresses all concerns. https://tools.ietf.org/html/draft-ietf-ipsecme-implicit-iv-08 Yours, Daniel On Tue, Oct 15, 2019 at 11:07 PM Daniel Migault wrote: > Hi Adam, > > Thanks for the feedback. All your comm

Re: [IPsec] Benjamin Kaduk's No Objection on draft-ietf-ipsecme-implicit-iv-08: (with COMMENT)

2019-10-17 Thread Daniel Migault
Hi Benjamin, Thank you for the comments. Please see my responses inline. Yours, Daniel On Wed, Oct 16, 2019 at 11:30 PM Benjamin Kaduk via Datatracker < nore...@ietf.org> wrote: > Benjamin Kaduk has entered the following ballot position for > draft-ietf-ipsecme-implicit-iv-08: No Objection > >

Re: [IPsec] Benjamin Kaduk's No Objection on draft-ietf-ipsecme-implicit-iv-08: (with COMMENT)

2019-10-18 Thread Daniel Migault
Thank you for the response, I just published a new version with the mentioned text. Thank you again for the comments! Yours, Daniel On Fri, Oct 18, 2019 at 3:43 PM Benjamin Kaduk wrote: > On Thu, Oct 17, 2019 at 10:37:10PM -0400, Daniel Migault wrote: > >Hi Benjamin, > >

Re: [IPsec] [secdir] Adam Roach's Yes on draft-ietf-ipsecme-implicit-iv-07: (with COMMENT)

2019-10-21 Thread Daniel Migault
Melnikov wrote: > Hi Daniel, > On 17/10/2019 15:05, Daniel Migault wrote: > > Hi, > > Just to make everyone aware, we have issued a new version that we hope > addresses all concerns. > https://tools.ietf.org/html/draft-ietf-ipsecme-implicit-iv-08 > > Thank you fo

Re: [IPsec] Review of draft-ietf-lwig-minimal-esp-00

2019-12-03 Thread Daniel Migault
Thank you Valery for the detailed review. That is really much appreciated. We will update the document accordingly in the next few weeks, also considering the feedback from Scott. Yours, Daniel On Tue, Dec 3, 2019 at 8:08 AM Valery Smyslov wrote: > Hi, > > I reviewed draft-ietf-lwig-minimal-es

[IPsec] Netdev 0x14 co-located with IETF107

2020-02-13 Thread Daniel Migault
Hi, This is just to let you know that Netdev 0x14 is back co-locating with IETF 107 in Vancouver. There are several security related talks that may be of interest. Note: Early bird registration is still open until 17th and that many other talks, sessions, workshops are also happening https://net

Re: [IPsec] Netdev 0x14 co-located with IETF107

2020-02-22 Thread Daniel Migault
https://netdevconf.info/0x14/news.html?schedule-up [2] https://netdevconf.info/0x14/schedule.html [3] https://netdevconf.info/0x14/registration.html On Thu, Feb 13, 2020 at 8:35 PM Daniel Migault wrote: > Hi, > > This is just to let you know that Netdev 0x14 is back co-locating with >

Re: [IPsec] Comments on draft-ietf-lwig-minimal-esp-00

2020-10-28 Thread Daniel Migault
r example[RFC8452] """ > >- > > > Typos: > >- a random SPI may consume to much -> too much >- fix SPI -> fixed SPI >- can be alleviate -> can be alleviated >- algorythm -> algorithm >- > > fixed > >

Re: [IPsec] Review of draft-ietf-lwig-minimal-esp-00

2020-10-28 Thread Daniel Migault
will be more >sensitive to traffic shaping. > > s/cannot not/cannot > s/minimal/minimal ESP > s/were relying/rely > > Section 7: > >Currently recommended >[RFC8221] only recommend crypto-suites with an ICV which makes the >ICV a mandatory field. > > s/recommend/recommends > > fixed > Section 8: > >The recommended suites to use are expect to evolve over time >and implementer SHOULD follow the recommendations provided by >[RFC8221] and updates. > > s/expect/expected > s/implementer/implementers > > fixed >Note that it >is not because a encryption algorithm transform is widely >deployed that is secured. > > s/a/an > fixed > > Regards, > Valery Smyslov. > > > -- Daniel Migault Ericsson

[IPsec] Fwd: [Lwip] I-D Action: draft-ietf-lwig-minimal-esp-01.txt

2020-10-28 Thread Daniel Migault
: Daniel Migault Tobias Guggemos Filename: draft-ietf-lwig-minimal-esp-01.txt Pages : 14 Date: 2020-10-28 Abstract: This document describes a minimal implementation of the IP Encapsulation Security Payload (ESP) defined

Re: [IPsec] [Lwip] Review of draft-ietf-lwig-minimal-esp-00

2020-11-01 Thread Daniel Migault
Hi Tero, Thanks for the comments. Please find below how I updated the text on my local copy and let me know if that addresses your concerns. Yours, Daniel On Fri, Oct 30, 2020 at 3:26 PM Tero Kivinen wrote: > Daniel Migault writes: > >value SN needs to be considered instead.

Re: [IPsec] Comments on draft-ietf-lwig-minimal-esp-00

2020-11-01 Thread Daniel Migault
Hi Tero, Thanks for the comments. Please find below how I updated the text on my local copy and let me know if that addresses your concerns. Yours, Daniel On Fri, Oct 30, 2020 at 3:13 PM Tero Kivinen wrote: > Daniel Migault writes: > > The security consideration has been updated a

Re: [IPsec] Comments on draft-ietf-lwig-minimal-esp-00

2020-11-02 Thread Daniel Migault
ndom generators based on deterministic random functions. """ I believe that we do not necessarily need to go into more details that are related to specific transforms, but I am happy to hear otherwise. Yours, Daniel On Mon, Nov 2, 2020 at 9:00 AM Tero Kivinen wrote: > Daniel Mig

[IPsec] Fwd: [Lwip] I-D Action: draft-ietf-lwig-minimal-esp-02.txt

2020-11-02 Thread Daniel Migault
ernet-Drafts directories. This draft is a work item of the Light-Weight Implementation Guidance WG of the IETF. Title : Minimal ESP Authors : Daniel Migault Tobias Guggemos Filename: draft-ietf-lwig-minimal-esp-0

Re: [IPsec] [Lwip] draft-ietf-lwig-minimal-esp shepherd writeup

2021-03-21 Thread Daniel Migault
d they seem to use both crypto-suite and > cryptosuite. I have a preference for the later. Perhaps we can remove > the hyphen. > > I have removed the occurrences I found of crypt-suite and replaced them by cryptosuite. > - > > --Mohit > > > > _

Re: [IPsec] [Lwip] draft-ietf-lwig-minimal-esp shepherd writeup

2021-03-22 Thread Daniel Migault
Wouters wrote: > On Sun, 21 Mar 2021, Daniel Migault wrote: > > (replying to some issues here, but also added a full review of the > document) > > Side note: I am bit confused why this document would not be a document > from the IPsecME WG ? I know we talked about this

Re: [IPsec] [Lwip] draft-ietf-lwig-minimal-esp shepherd writeup

2021-03-22 Thread Daniel Migault
up sleep while limiting wake time, or reducing the use of random generation. > - figure out what to do with the FIPS reference on randomness (because >I don't think with continuous self test, it can be fully FIPS >compliant?) > The refer

Re: [IPsec] [Lwip] I-D Action: draft-ietf-lwig-minimal-esp-03.txt

2021-03-24 Thread Daniel Migault
> > Title : Minimal ESP > Authors : Daniel Migault > Tobias Guggemos > Filename: draft-ietf-lwig-minimal-esp-03.txt > Pages : 14 > Date: 2021-03-24 > > Abstra

Re: [IPsec] [Lwip] Iotdir last call review of draft-ietf-lwig-minimal-esp-03

2021-03-30 Thread Daniel Migault
an “Some constraints include limiting the…” > done. thanks. > - Some qualification of “what is required from RFC 4303” is required…. > Perhaps you mean “the minimally required set of functions and states from > RFC > 4303 to achieve compliance and interoperability”? My suggestion may be to > just > remove this 2nd paragraph as its covered in the 3rd (though I think noting > interoperability should be there too). > I agree. done. > - I would think that there would be a strong issue if there are conflicts > with > RFC 4303?! So would suggest to remove that sentence or > Only that the RFC 4303 remains the authoritative spec to detail full > details of > ESP. > > done. thanks > Section 2: > - “constraint devices” should be “constrained devices” > > Section 8: > - For “Security”, suggest…”The chosen encryption algorithm MUST NOT be > known to > be vulnerable or weak” > > done. thanks. > > > ___ > Lwip mailing list > l...@ietf.org > https://www.ietf.org/mailman/listinfo/lwip > -- Daniel Migault Ericsson

Re: [IPsec] secdir review of draft-ietf-lwig-minimal-esp-03

2021-03-31 Thread Daniel Migault
Hi David, Thanks for the review. I think the text in [1] addresses your concern. I will probably publish a new version today. Please see my responses inline. Yours, Daniel [1] https://github.com/mglt/draft-mglt-lwig-minimal-esp/pull/1/commits/fb9393a246298e37adcf2683afa2061a40b4ed89 -

Re: [IPsec] [Lwip] Iotdir last call review of draft-ietf-lwig-minimal-esp-03

2021-04-01 Thread Daniel Migault
update from that according to your response. Again thank you for the in depth review and the many comments that already result in many clarifications - at least I think so. Yours, Daniel On Tue, Mar 30, 2021 at 10:45 PM Daniel Migault wrote: > Hi Nancy, > > Thank you very much for yo

[IPsec] Fwd: [Lwip] I-D Action: draft-ietf-lwig-minimal-esp-05.txt

2021-04-13 Thread Daniel Migault
the on-line Internet-Drafts directories. This draft is a work item of the Light-Weight Implementation Guidance WG of the IETF. Title : Minimal ESP Authors : Daniel Migault Tobias Guggemos Filename: draft-ietf-lwig-minimal

Re: [IPsec] WGLC for draft-ietf-ipsecme-ikev1-algo-to-historic

2021-06-29 Thread Daniel Migault
(RFC > 6467) > >* did I forget something? > >But this is great! I agree that such a brief summary of the superior > features > would be better than a factually challenged "in every aspect" statement. > > regards, > >

Re: [IPsec] WGLC for draft-ietf-ipsecme-ikev1-algo-to-historic

2021-06-29 Thread Daniel Migault
ors. Not that I’m advocating to add that statement to the draft. > I think it’s fine as it is: just offering advice that systems should be > upgraded. > > Yoav > > On 29 Jun 2021, at 17:21, Daniel Migault wrote: > > I believe that the first sentence of section 3 says it all.

[IPsec] Heads up on Netdev conf 0x15 - not too late to attend!

2021-07-15 Thread Daniel Migault
shnan On Monday as well there will be an industry perspectives panel on smartnics which will involve 6 vendors and an industry veteran moderating the session. For registration go here: https://netdevconf.info/0x15/virtual.html Yours, Daniel -- Daniel Migault Eri

[IPsec] minimal esp

2021-07-26 Thread Daniel Migault
> "provided as information"? > done: provided as informational * "Constraint devices" -> "Constrained devices" > done * "energy associated to it" -> "energy associated with it" > done [S10] [nit] * "associated to the management" -> "associated with the management" > done * "This usually include mechanisms to prevent a nonce to repeat for example." "This usually includes mechanisms to prevent a nonce from repeating, for example." > done * "in conjunction of" -> "in conjunction with" > done * "responsible to negotiate" -> "responsible for negotiating" -- Daniel Migault Ericsson

Re: [IPsec] FW: New Version Notification for draft-liu-ipsecme-ikev2-rekey-redundant-sas-00.txt

2021-11-30 Thread Daniel Migault
ttack trying to break the current key. > > I only mentioned those reasons that we implemented... > > So, there are a lot of reasons for rekey. I think that the ability for any > peer to rekey at any time it thinks it is needed is a fundamental > property of IKEv2 and I think we should

Re: [IPsec] FW: New Version Notification for draft-liu-ipsecme-ikev2-rekey-redundant-sas-00.txt

2021-12-02 Thread Daniel Migault
> On Tue, Nov 30, 2021 at 8:21 AM Daniel Migault > wrote: > >> >> Thank you all for the comments. I believe there is a misunderstanding of >> the resource issue we are facing, so please find below a more detailed >> description. >> >> The resource i

Re: [IPsec] [Lwip] I-D Action: draft-ietf-lwig-minimal-esp-10.txt

2022-04-19 Thread Daniel Migault
ncapsulating Security Payload (ESP) > Authors : Daniel Migault > Tobias Guggemos > Filename: draft-ietf-lwig-minimal-esp-10.txt > Pages : 15 > Date: 2022-04-08 > > Abstract: >This

Re: [IPsec] Transport ESP and SCHC

2022-04-21 Thread Daniel Migault
v2 to enable ESP header > compression. > > Possible starting points are draft-mglt-ipsecme-diet-esp, > draft-mglt-ipsecme-ikev2-diet-esp-extension, > draft-smyslov-ipsecme-ikev2-compression and > draft-smyslov-ipsecme-ikev2-compact. > -- > kivi...@iki.fi > >

Re: [IPsec] [Lwip] Paul Wouters' Discuss on draft-ietf-lwig-minimal-esp-08: (with DISCUSS and COMMENT)

2022-04-25 Thread Daniel Migault
, Apr 12, 2022 at 5:10 PM Paul Wouters wrote: > > On Tue, Apr 5, 2022 at 10:09 PM Daniel Migault > wrote: > >> Hi Paul, >> >> Thanks for commenting. Please find my responses below. >> >> Section 2: >> >>> >>> It suggests a parti

Re: [IPsec] Transport ESP and SCHC

2022-05-03 Thread Daniel Migault
seems ready for publication, so nothing really changing > it is possible. > > But what does diet-esp do instead? > > Squeezing down esp and adding support for SCHC ('easy' by adding it as an > IP Protocol) is of interest to me... > > Bob > > On 4/21/22 10:3

Re: [IPsec] Comments on draft-mglt-ipsecme-diet-esp-07

2022-05-12 Thread Daniel Migault
P over UDP? > > I think there is a need to define which layers will compress the inner UDP, and this is likely to depend on the TS values. > Anyway, stopping for now. More, I suspect, later. > > Oh, and NIST is having their 4th LWC workshop M-W, so I am busy with > that too!

Re: [IPsec] Comments on draft-mglt-ipsecme-diet-esp-07

2022-05-13 Thread Daniel Migault
I applied your comments on my local copy. Please see some additional comments inline. Yours, Daniel On Thu, May 12, 2022 at 12:30 PM Robert Moskowitz wrote: > > > On 5/12/22 11:58, Daniel Migault wrote: > > Hi Bob, > > I apologize for the delayed response. I am hap

Re: [IPsec] More comments on draft-mglt-ipsecme-diet-esp-07

2022-05-13 Thread Daniel Migault
ransport mode example in App 1. :) > > If you get this draft active, I will work on providing that example. ;) > > sure, I will publish an updated version very soon. > > thanks.

[IPsec] Fw: New Version Notification for draft-liu-ipsecme-ikev2-rekey-redundant-sas-01.txt

2022-05-13 Thread Daniel Migault
: Congjie Zhang; Harold Liu; Daniel Migault Subject: New Version Notification for draft-liu-ipsecme-ikev2-rekey-redundant-sas-01.txt A new version of I-D, draft-liu-ipsecme-ikev2-rekey-redundant-sas-01.txt has been successfully submitted by Daniel Migault and posted to the IETF repository. Name

[IPsec] Fw: New Version Notification for draft-liu-ipsecme-ikev2-mtu-dect-02.txt

2022-05-13 Thread Daniel Migault
: internet-dra...@ietf.org Sent: Friday, May 13, 2022 12:24 PM To: Congjie Zhang; Harold Liu; Daniel Migault; Renwang Liu Subject: New Version Notification for draft-liu-ipsecme-ikev2-mtu-dect-02.txt A new version of I-D, draft-liu-ipsecme-ikev2-mtu-dect-02.txt has been successfully submitted by Daniel

[IPsec] Fw: New Version Notification for draft-mglt-ipsecme-diet-esp-08.txt

2022-05-13 Thread Daniel Migault
an opinion. In any case, I believe the document is sufficiently advanced to get adopted. Yours, Daniel From: internet-dra...@ietf.org Sent: Friday, May 13, 2022 12:29 PM To: Carsten Bormann; Daniel Migault; David Schinazi; Tobias Guggemos Subject: New

[IPsec] Fw: New Version Notification for draft-mglt-ipsecme-ikev2-diet-esp-extension-02.txt

2022-05-13 Thread Daniel Migault
and that changes can be made once adopted. Yours, Daniel From: internet-dra...@ietf.org Sent: Friday, May 13, 2022 1:24 PM To: Daniel Migault; David Schinazi; Tobias Guggemos Subject: New Version Notification for draft-mglt-ipsecme-ikev2-diet-esp

Re: [IPsec] diet-esp - How do you know?

2022-05-24 Thread Daniel Migault
ith IKEv2. > > I guess the IKE stack has to signal this to the ESP implementation on what > to expect when > the policy is installed ? > > Paul > > ___ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec

Re: [IPsec] diet-esp - How do you know?

2022-05-24 Thread Daniel Migault
nsion-02 > > > > It's negotiated with IKEv2. > > > > I guess the IKE stack has to signal this to the ESP implementation on what > to expect when > > the policy is installed ? > > > > Paul > > > > _________

Re: [IPsec] diet-esp - How do you know?

2022-05-24 Thread Daniel Migault
? > > Next Header just says: ESP. > > On 5/24/22 16:23, Daniel Migault wrote: > > This is correct. IKEv2 is used both to agree on the use of Diet-ESP as > well as values to be used for the compression/decompression. > > Yours, > Daniel > > On Tue, May 24, 2022

Re: [IPsec] diet-esp - How do you know?

2022-05-24 Thread Daniel Migault
> is intended to be processed; does that mean that the decrypter is expected > to just try to decrypt the packet with all the SAs he has and see which one > worked? > > > > *From:* IPsec *On Behalf Of *Daniel Migault > *Sent:* Tuesday, May 24, 2022 4:48 PM > *To:* Robert

Re: [IPsec] diet-esp - How do you know?

2022-05-24 Thread Daniel Migault
> with any other product. > > They were really not happy campers... > > On 5/24/22 16:47, Daniel Migault wrote: > > The issue only comes when a gateway wants to support all sizes of SPIs 0 - > 1 - 2 - 3 - 4 bytes - which is very unlikely. For a deterministic lookup, I > wo

Re: [IPsec] diet-esp - How do you know?

2022-05-25 Thread Daniel Migault
On Wed, May 25, 2022 at 8:15 AM Robert Moskowitz wrote: > > > On 5/24/22 17:26, Daniel Migault wrote: > > The IKE negotiation for diet-esp is currently defined in a specific > draft: > > https://datatracker.ietf.org/doc/draft-mglt-ipsecme-ikev2-diet-esp-extension/ >

Re: [IPsec] Comments: New Version Notification for draft-mglt-ipsecme-diet-esp-08

2022-06-07 Thread Daniel Migault
"any IP or Transport protocol"? To exclude layer 5 > > protocols (CoAP, RTP,,,)? > > > > Layer 5 protocols SHOULD be via standard SCHC with the SCHC Rule ID > > included... > > > > Or maybe 'typically'? As some layer 5 might be easy? RTP maybe? > > > > So this is it for this round of comments. I am looking at Appdx A and > > making a UDP example. Including IIV. > > > > Bob > > -- Daniel Migault Ericsson

Re: [IPsec] Comments: New Version Notification for draft-mglt-ipsecme-diet-esp-08

2022-06-07 Thread Daniel Migault
ayer 5 > protocols (CoAP, RTP,,,)? > > probably > Layer 5 protocols SHOULD be via standard SCHC with the SCHC Rule ID > included... > > I tend to agree. > Or maybe 'typically'? As some layer 5 might be easy? RTP maybe? > > So this is it for this round of comments. I am looking at Appdx A and > making a UDP example. Including IIV. > > Bob > > -- Daniel Migault Ericsson

Re: [IPsec] Comments: New Version Notification for draft-mglt-ipsecme-diet-esp-08

2022-06-07 Thread Daniel Migault
Yes, that's what I then realized while reading the first email. At that point a document is needed which could be pretty straightforward I believe. Yours, Daniel On Tue, Jun 7, 2022 at 8:50 AM Robert Moskowitz wrote: > > > On 6/7/22 08:43, Daniel Migault wrote: > > > > On

Re: [IPsec] IETF114 scheduling

2022-06-30 Thread Daniel Migault
Hi, If time permits, I would be happy to present: * IKEv2 Downstream Fragmentation Notification Extension and * IKEv2 Count Based SA Extension Yours, Daniel On Tue, Jun 28, 2022, 07:15 Robert Moskowitz wrote: > Right now, ipsecme is slotted together with tls. > > I guess they assume no overl

Re: [IPsec] [Lwip] Paul Wouters' Discuss on draft-ietf-lwig-minimal-esp-08: (with DISCUSS and COMMENT)

2022-07-18 Thread Daniel Migault
to the RFC queue and if there is anything expected from my side. Yours, Daniel On Mon, Apr 25, 2022 at 2:19 PM Daniel Migault wrote: > Hi Paul, > > Please find my response to your comments. The current version of the file > integrates the language changes as well as changes to

Re: [IPsec] [Lwip] Paul Wouters' Discuss on draft-ietf-lwig-minimal-esp-08: (with DISCUSS and COMMENT)

2022-07-18 Thread Daniel Migault
version published, please see my response inline to your comments. [1] https://www.ietf.org/archive/id/draft-ietf-lwig-minimal-esp-11.txt Yours, Daniel On Mon, Jul 18, 2022 at 3:31 PM Paul Wouters wrote: > On Mon, 18 Jul 2022, Daniel Migault wrote: > > > My reading of the datatracker

Re: [IPsec] [Lwip] Paul Wouters' Discuss on draft-ietf-lwig-minimal-esp-08: (with DISCUSS and COMMENT)

2022-07-19 Thread Daniel Migault
Hi Paul, Thanks for the response. Please see my responses inline. Yours, Daniel On Tue, Jul 19, 2022 at 11:47 AM Paul Wouters wrote: > On Mon, 18 Jul 2022, Daniel Migault wrote: > > > The limited SPI numbers and rekeying is still not clear to me. > > We exchange

Re: [IPsec] [Lwip] Paul Wouters' Discuss on draft-ietf-lwig-minimal-esp-08: (with DISCUSS and COMMENT)

2022-07-21 Thread Daniel Migault
at you wrote is "this is a problem". Instead, I think you should state > > something like "Using time based SN should only be used when it is known > > that the remote peer supports this or when it is known that anti-replay > > windows are disabled". > -- > kivi...@iki.fi > -- Daniel Migault Ericsson
