A new Request for Comments is now available in online RFC libraries.
RFC 9349
Title: Definitions of Managed Objects for
IP Traffic Flow Security
Author: D. Fedyk,
E. Kinzie
Status: Standards Track
A new Request for Comments is now available in online RFC libraries.
RFC 9348
Title: A YANG Data Model for IP Traffic Flow Security
Author: D. Fedyk,
C. Hopps
Status: Standards Track
Stream: IETF
Date:
A new Request for Comments is now available in online RFC libraries.
RFC 9347
Title: Aggregation and Fragmentation Mode for
Encapsulating Security Payload (ESP) and
Its Use for IP Traffic Flow Security (IP-TFS)
Autho
On Tue, 31 Jan 2023, Valery Smyslov wrote:
The WG thought this would be a worse solution.
This could be solved by adding only two new TS types
TS_IPV4_ADDR_RANGE_WITH_CONSTRAINTS and TS_IPV6_ADDR_RANGE_WITH_CONSTRAINTS
with a format that allows to add new constraints to the Traffic Selector.
Re-,
We added more examples as suggested by Tero (thanks).
The token now is with Paul ;-)
Cheers,
Med
> -Original Message-
> From: IPsec On behalf of internet-
> dra...@ietf.org
> Sent: Tuesday, 31 January 2023 17:10
> To: i-d-annou...@ietf.org
> Cc: ipsec@ietf.org
> Subject: [IPsec]
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions WG of
the IETF.
Title : Internet Key Exchange Protocol Version 2 (IKEv2)
Configuration for Encrypted DNS
Authors
Tero Kivinen has requested publication of draft-ietf-ipsecme-add-ike-07 as
Proposed Standard on behalf of the IPSECME working group.
Please verify the document's state at
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-add-ike/
___
IPsec mailing
mohamed.boucad...@orange.com writes:
> This version takes into account Tero's review, mainly:
>
> * Indicate the encoding of the addresses
> * Split the ENCDNS_DIGEST_INFO figure into two
> * Add some text about CFG_ACK
> * clarify how the digest is computed
> * Add some examples
>
> and some oth
Re-,
Please see inline.
Cheers,
Med
> -Original Message-
> From: Tero Kivinen
> Sent: Tuesday, 31 January 2023 15:33
> To: BOUCADAIR Mohamed INNOV/NET
> Cc: Valery Smyslov ; draft-ietf-ipsecme-
> add-...@ietf.org; ipsec@ietf.org
> Subject: RE: [IPsec] Shepherd review of the draft-ietf
mohamed.boucad...@orange.com writes:
> [Med] Yes, the initiator may include a suggested ALPN (protocol) for
> example to specifically indicate it is looking for DoT (or another
> protocol). The initiator may omit the ADN, but only include service
> parameters (typically, ALPN) to indicate a preferr
Re-,
Please see inline.
Cheers,
Med
> -Original Message-
> From: Tero Kivinen
> Sent: Tuesday, 31 January 2023 15:20
> To: BOUCADAIR Mohamed INNOV/NET
> Cc: Valery Smyslov ; draft-ietf-ipsecme-
> add-...@ietf.org; ipsec@ietf.org
> Subject: RE: [IPsec] Shepherd review of the draft-ietf
> > > Actually is there any point of having ADN Length and Authenticated
> > > Domain Name in CFG_REQUESTS ever? Why would someone calculate hashes
> > > with certain domain names with different hash algorithms? Perhaps we
> > > should define the format for CFG_REQUEST as follows:
> > >
> > >
> > >
Re-,
This version takes into account Tero's review, mainly:
* Indicate the encoding of the addresses
* Split the ENCDNS_DIGEST_INFO figure into two
* Add some text about CFG_ACK
* clarify how the digest is computed
* Add some examples
and some other minor edits.
Cheers,
Med
> -Message d'o
mohamed.boucad...@orange.com writes:
> > of the cases the information in IANA registries are already in the
> > normative reference RFCs
>
> RFCs may include stale/inaccurate values (e.g., new/deprecated
> values). The IANA registry is authoritative.
Yes, but you only need one value to actually i
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Maintenance and Extensions WG of
the IETF.
Title : Internet Key Exchange Protocol Version 2 (IKEv2)
Configuration for Encrypted DNS
Authors
Valery Smyslov writes:
> Hi Tero,
>
> few comments inline.
>
> [a lot of text snipped]
>
> > This document should simply say that TS_SECLABEL MUST NOT be used
> > alone. This document must not try to do incompatible change to the
> > base RFC7296 which would make conforming implementations
> > no
Re-,
Please see inline.
Cheers,
Med
> -Original Message-
> From: Tero Kivinen
> Sent: Tuesday, 31 January 2023 14:49
> To: BOUCADAIR Mohamed INNOV/NET
> Cc: Valery Smyslov ; draft-ietf-ipsecme-
> add-...@ietf.org; ipsec@ietf.org
> Subject: RE: [IPsec] Shepherd review of the draft-ietf
Hi Paul,
> > The "proper" way would be to introduce new TS types
> > TS_IPV4_ADDR_RANGE_WITH_SECLABEL and TS_IPV6_ADDR_RANGE_WITH_SECLABEL.
> > I recall that it was already tried before, but I don't remember
> > why this way was abandoned.
>
> The fear of combinatory explosion if something else g
Re-,
Not sure to follow this:
> of the cases the information in IANA registries are already in the
> normative reference RFCs
RFCs may include stale/inaccurate values (e.g., new/deprecated values). The
IANA registry is authoritative.
I still think maintaining the refs as they are is aligned wi
mohamed.boucad...@orange.com writes:
> > > Also the text in Num Addresses indicate that it would be valid
> > to send
> > > CFG_REQUEST with proposed Service Priority, but having Num
> > Addresses
> > > set to zero?
> > >
> > > Is this intended? I.e., is the client allowed to request data,
> > but
On Tue, 31 Jan 2023, Valery Smyslov wrote:
This document should simply say that TS_SECLABEL MUST NOT be used
alone. This document must not try to do incompatible change to the
base RFC7296 which would make conforming implementations
non-conforming.
Unfortunately, this won't work. It is not enou
Valery Smyslov writes:
> > In section 3.2 it is not clear what the length of the Hash Algorithm
> > Identifiers fields is. It contains list of hash algorithms or one hash
> > algorithm if this is response, but it is not clear what is response.
>
> What was meant is that a list of hashes is sent by
Hi Tero,
few comments inline.
[a lot of text snipped]
> This document should simply say that TS_SECLABEL MUST NOT be used
> alone. This document must not try to do incompatible change to the
> base RFC7296 which would make conforming implementations
> non-conforming.
Unfortunately, this won't wo
Hi all,
Please see inline for additional comment to those already provided by Valery.
Cheers,
Med
> -Original Message-
> From: Valery Smyslov
> Sent: Tuesday, 31 January 2023 09:20
> To: 'Tero Kivinen' ; draft-ietf-ipsecme-add-
> i...@ietf.org
> Cc: ipsec@ietf.org
> Subject: RE: [IPse
On Tue, 31 Jan 2023 at 13:49, Valery Smyslov wrote:
> Hi Tero,
>
> thank you for the review. Please see inline.
>
> > Here are some my review comments while reading
> > draft-ietf-ipsecme-add-ike:
> >
> > --
> > The text in secti
Hi Tero,
thank you for the review. Please see inline.
> Here are some my review comments while reading
> draft-ietf-ipsecme-add-ike:
>
> --
> The text in section 3.1 should say that if length is 0, then no
> Service Priority, Nu