Re: [IPsec] [Technical Errata Reported] RFC5996 (3036)
Thanks for being so prompt. I'll mark it as verified. spt On 11/27/11 1:34 AM, Yoav Nir wrote: +1 On Nov 27, 2011, at 6:19 AM, Charlie Kaufman wrote: I believe this errata should be marked Verified. This is pretty clearly a case where the document was updated in one place and a needed corresponding update in another place was missed. --Charlie -Original Message- From: RFC Errata System [mailto:rfc-edi...@rfc-editor.org] Sent: Saturday, November 26, 2011 2:53 AM To: Charlie Kaufman; paul.hoff...@vpnc.org; y...@checkpoint.com; p...@iki.fi; stephen.farr...@cs.tcd.ie; turn...@ieca.com; paul.hoff...@vpnc.org; yaronf.i...@gmail.com Cc: val...@smyslov.net; ipsec@ietf.org; rfc-edi...@rfc-editor.org Subject: [Technical Errata Reported] RFC5996 (3036) The following errata report has been submitted for RFC5996, Internet Key Exchange Protocol Version 2 (IKEv2). -- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=5996eid=3036 -- Type: Technical Reported by: Valery Smyslovval...@smyslov.net Section: 3.10 Original Text - [...] Of the notifications defined in this document, the SPI is included only with INVALID_SELECTORS and REKEY_SA. Corrected Text -- [...] Of the notifications defined in this document, the SPI is included only with INVALID_SELECTORS, REKEY_SA and CHILD_SA_NOT_FOUND. Notes - Original text was carried over from RFC4306 and contradicts with the text in section 2.25, which clearly says that SPI field in CHILD_SA_NOT_FOUND notification is populated. Notification CHILD_SA_NOT_FOUND was not defined in RFC4306, and the whole section 2.25 is new to RFC5996. Instructions: - This errata is currently posted as Reported. If necessary, please use Reply All to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. -- RFC5996 (draft-ietf-ipsecme-ikev2bis-11) -- Title : Internet Key Exchange Protocol Version 2 (IKEv2) Publication Date: September 2010 Author(s) : C. Kaufman, P. Hoffman, Y. Nir, P. Eronen Category: PROPOSED STANDARD Source : IP Security Maintenance and Extensions Area: Security Stream : IETF Verifying Party : IESG Scanned by Check Point Total Security Gateway. ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] Preparing a charter change for P2P VPN
On Nov 21, 2011, at 10:09 PM, Stephen Hanna wrote: The conclusion of Wednesday night's P2P VPN side meeting was that we would start a new thread on the proposed ipsecme charter change and resolve the open questions by email. Let's start off with the text that came out of Wednesday's meeting and the questions raised there. The text from the meeting describing the problem to be solved was: In an environment with many IPsec gateways and remote clients that share an established trust infrastructure (in a single administrative domain or across multiple domains), customers want to get on-demand mesh IPsec capability for efficiency. However, this cannot be feasibly accomplished only with today's IPsec and IKE due to problems with address lookup, reachability, policy configuration, etc. And the main open questions from the meeting were: * Should we create a problem statement and requirements draft? Yes, but I wouldn't mind if that PS/Requirements/Use-case document never got published. It's a means, not an end. * Should we create a Standards Track document with the solution or just document existing proprietary vendor solutions in Informational RFCs? Both. Yoav ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] [Technical Errata Reported] RFC5996 (3036)
I believe this errata should be marked Verified. This is pretty clearly a case where the document was updated in one place and a needed corresponding update in another place was missed. --Charlie -Original Message- From: RFC Errata System [mailto:rfc-edi...@rfc-editor.org] Sent: Saturday, November 26, 2011 2:53 AM To: Charlie Kaufman; paul.hoff...@vpnc.org; y...@checkpoint.com; p...@iki.fi; stephen.farr...@cs.tcd.ie; turn...@ieca.com; paul.hoff...@vpnc.org; yaronf.i...@gmail.com Cc: val...@smyslov.net; ipsec@ietf.org; rfc-edi...@rfc-editor.org Subject: [Technical Errata Reported] RFC5996 (3036) The following errata report has been submitted for RFC5996, Internet Key Exchange Protocol Version 2 (IKEv2). -- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=5996eid=3036 -- Type: Technical Reported by: Valery Smyslov val...@smyslov.net Section: 3.10 Original Text - [...] Of the notifications defined in this document, the SPI is included only with INVALID_SELECTORS and REKEY_SA. Corrected Text -- [...] Of the notifications defined in this document, the SPI is included only with INVALID_SELECTORS, REKEY_SA and CHILD_SA_NOT_FOUND. Notes - Original text was carried over from RFC4306 and contradicts with the text in section 2.25, which clearly says that SPI field in CHILD_SA_NOT_FOUND notification is populated. Notification CHILD_SA_NOT_FOUND was not defined in RFC4306, and the whole section 2.25 is new to RFC5996. Instructions: - This errata is currently posted as Reported. If necessary, please use Reply All to discuss whether it should be verified or rejected. When a decision is reached, the verifying party (IESG) can log in to change the status and edit the report, if necessary. -- RFC5996 (draft-ietf-ipsecme-ikev2bis-11) -- Title : Internet Key Exchange Protocol Version 2 (IKEv2) Publication Date: September 2010 Author(s) : C. Kaufman, P. Hoffman, Y. Nir, P. Eronen Category: PROPOSED STANDARD Source : IP Security Maintenance and Extensions Area: Security Stream : IETF Verifying Party : IESG ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec