Valery,

Thank you for such a prompt reply.

I agree with all your comments and suggestions for new text.

Regards

-éric

-----Original Message-----
From: Valery Smyslov <s...@elvis.ru>
Date: Wednesday, 2 March 2022 at 08:10
To: Eric Vyncke <evyn...@cisco.com>, 'The IESG' <i...@ietf.org>
Cc: "draft-ietf-ipsecme-ikev2-intermedi...@ietf.org" <draft-ietf-ipsecme-ikev2-intermedi...@ietf.org>, "ipsecme-cha...@ietf.org" <ipsecme-cha...@ietf.org>, "ipsec@ietf.org" <ipsec@ietf.org>, "ynir.i...@gmail.com" <ynir.i...@gmail.com>
Subject: RE: Éric Vyncke's No Objection on draft-ietf-ipsecme-ikev2-intermediate-09: (with COMMENT)

Hi Éric,

thank you for your comments.

> Éric Vyncke has entered the following ballot position for
> draft-ietf-ipsecme-ikev2-intermediate-09: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-intermediate/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thank you for the work put into this document.
>
> Please find below some non-blocking COMMENT points (but replies would be
> appreciated even if only for my own education).
>
> Special thanks to Yoav Nir for the shepherd's write-up including the section
> about the WG consensus.
>
> I hope that this helps to improve the document,
>
> Regards,
>
> -éric
>
> ## Abstract
>
> The abstract would benefit by adding a few use cases / applicability statement
> (per the shepherd's write-up and introduction, i.e., a hint for PQ crypto).

I updated the abstract as follows:

   This document defines a new exchange, called Intermediate Exchange,
   for the Internet Key Exchange protocol Version 2 (IKEv2). This
   exchange can be used for transferring large amounts of data in the
   process of IKEv2 Security Association (SA) establishment. An example
   of the need to do this is using Quantum Computer resistant key
   exchange methods for IKE SA establishment. Introducing the
   Intermediate Exchange allows re-using the existing IKE fragmentation
   mechanism, that helps to avoid IP fragmentation of large IKE
   messages, but cannot be used in the initial IKEv2 exchange.

Is it OK?

> ## Section 1
>
> s/If size of a message is large enough, IP fragmentation takes place/If size of
> a message is larger than the MTU, IP fragmentation takes place/

I have no problem with this clarification, but I suggest s/MTU/PMTU in the new text,
since IP fragmentation for IPv4 can also take place on the intermediate routers.
So, if you don't mind, I'll change the text to:

   "If the size of a message is larger than the PMTU, ..."

> RFC 7383 is dated 2014, is it still applicable in 2022 ?

Yes. The problems with correct handling of IP fragments in SOHO devices still persist,
as far as I know, so RFC 7383 is still applicable. Most (if not all) IPsec vendors support it.

Thank you!

Regards,
Valery.