Re: [IPsec] [Lwip] draft-ietf-lwig-minimal-esp shepherd writeup

Mon, 22 Mar 2021 07:04:32 -0700 

On Mon, 22 Mar 2021, Mohit Sethi M wrote:


Adding Ben (IPsecME AD) and Erik (LWIG AD) to the CC list for an early heads up.

Thanks for reviewing the document. I'll let the authors provide answers to your 
review.

On the procedural side of things: this document is within the LWIG charter 
(https://datatracker.ietf.org/wg/lwig/charter/) and follows the path taken by 
Minimal IKEv2 which was also completed in LWIG as RFC
7815 (https://datatracker.ietf.org/doc/rfc7815/).

During the call for adoption, there was a general consensus to proceed in LWIG 
while keeping close contacts with IPsecME (as well as an agreement to issue a 
joint last call). Tero
(https://mailarchive.ietf.org/arch/msg/lwip/Shf2oUKvtIsb0uzY2zRwuBurm58/), 
Valery 
(https://mailarchive.ietf.org/arch/msg/lwip/p1i4hZBjn7PD3ksS9kh8C0ouUOU/) and 
Scott
(https://mailarchive.ietf.org/arch/msg/lwip/dF3eZXG8GTV-o7aH4BnFk2zlR6c/) for 
example provided reviews of the draft.


Thanks for the write up here.


I think your comments during the adoption 
(https://mailarchive.ietf.org/arch/msg/lwip/xDcICiuALZ2ExF3qwRCnhCQC3A0/) did 
not argue moving this draft to IPsecME (unless I missed something):

If the document is defining a minimum/battery optimized ESP
configuartion, I have no problems with it and I will review further
text and welcome adoption. If it makes changes to the ESP protocol,
then I think there should be more discussion before adoption.

Paul


I said that, but I think I am seeing changes to the ESP algorithm that
basically constitute a change to the ESP protocol. Furthermore, a bunch
of advise negating the advise in RFC 8223. And I still haven't heard
a justfication of some issues I raised either. Such as the doing a
full IKE exchange yet not being able to generate 4 bytes of random?


That being said, I am not fundamentally opposed to moving this document to 
IPsecME. However, it is important to consider that the document has already had 
a relatively long lifecycle in LWIG.


After you references I had given feedback, I went back and read that
message. I totally forgot I did that two years ago. But all the issues
I raised back then are still there unresolved.

Paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to