Re: [IPsec] Barry Leiba's No Objection on draft-ietf-ipsecme-qr-ikev2-10: (with COMMENT)
On Tue, Jan 07, 2020 at 09:46:43PM -0800, Barry Leiba via Datatracker wrote: > Barry Leiba has entered the following ballot position for > draft-ietf-ipsecme-qr-ikev2-10: No Objection > [...] > > I also find it interesting that Alexey thought you needed to add a normative > reference for “ASCII”, bit not for “base64”. Personally, I think both are > sufficiently well known that you need neither. In this case I'm inclined to agree, given the way that the base64 alphabet is used. (We do sometimes get into trouble with base64 vs. base64url, and I've asked for specific section references on occasion to disambiguate...) -Ben ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] Barry Leiba's No Objection on draft-ietf-ipsecme-qr-ikev2-10: (with COMMENT)
All good, Valery, and thanks for the quick response. Barry On Wed, Jan 8, 2020 at 4:42 AM Valery Smyslov wrote: > > Hi Barry, > > > Barry Leiba has entered the following ballot position for > > draft-ietf-ipsecme-qr-ikev2-10: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-ipsecme-qr-ikev2/ > > > > > > > > -- > > COMMENT: > > -- > > > > Yes, an interesting document, and thanks for that. A few editorial > > comments: > > > > — Section 1 — > > > >to be quantum resistant, that is, invulnerable to an attacker with a > >quantum computer. > > > > “Invulnerable” isn’t the same as “not vulnerable”: it has a stronger > > connotation. You should probably use “not vulnerable” or “resistant” > > instead. > > OK, thanks. > > >By bringing post- > >quantum security to IKEv2, this note removes the need to use > > > > Make it “this document”, please. > > OK. > > >This document does not replace the > >authentication checks that the protocol does; instead, it is done as > >a parallel check. > > > > What’s the antecedent to “it”? Should “it is” instead be “they are”? > > I think it was meant that using PPK doesn't directly influence peer > authentication > in IKEv2, but I agree that the wording is not clear enough. > It's probably better to rephrase it: > > This document does not replace the > authentication checks that the protocol does; instead, they are > strengthened by using an additional secret key. > > Is it better? > > > — Section 3 — > > > >when the initiator believes it has a mandatory to use PPK > > > > You need hyphens in “mandatory-to-use”. > > OK. > > THank you, > Valery. > > > > > — > > > > I also find it interesting that Alexey thought you needed to add a normative > > reference for “ASCII”, bit not for “base64”. Personally, I think both are > > sufficiently well known that you need neither. > > > > ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
Re: [IPsec] Barry Leiba's No Objection on draft-ietf-ipsecme-qr-ikev2-10: (with COMMENT)
Hi Barry, > Barry Leiba has entered the following ballot position for > draft-ietf-ipsecme-qr-ikev2-10: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-ipsecme-qr-ikev2/ > > > > -- > COMMENT: > -- > > Yes, an interesting document, and thanks for that. A few editorial > comments: > > — Section 1 — > >to be quantum resistant, that is, invulnerable to an attacker with a >quantum computer. > > “Invulnerable” isn’t the same as “not vulnerable”: it has a stronger > connotation. You should probably use “not vulnerable” or “resistant” > instead. OK, thanks. >By bringing post- >quantum security to IKEv2, this note removes the need to use > > Make it “this document”, please. OK. >This document does not replace the >authentication checks that the protocol does; instead, it is done as >a parallel check. > > What’s the antecedent to “it”? Should “it is” instead be “they are”? I think it was meant that using PPK doesn't directly influence peer authentication in IKEv2, but I agree that the wording is not clear enough. It's probably better to rephrase it: This document does not replace the authentication checks that the protocol does; instead, they are strengthened by using an additional secret key. Is it better? > — Section 3 — > >when the initiator believes it has a mandatory to use PPK > > You need hyphens in “mandatory-to-use”. OK. THank you, Valery. > > — > > I also find it interesting that Alexey thought you needed to add a normative > reference for “ASCII”, bit not for “base64”. Personally, I think both are > sufficiently well known that you need neither. > ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
[IPsec] Barry Leiba's No Objection on draft-ietf-ipsecme-qr-ikev2-10: (with COMMENT)
Barry Leiba has entered the following ballot position for draft-ietf-ipsecme-qr-ikev2-10: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-ipsecme-qr-ikev2/ -- COMMENT: -- Yes, an interesting document, and thanks for that. A few editorial comments: — Section 1 — to be quantum resistant, that is, invulnerable to an attacker with a quantum computer. “Invulnerable” isn’t the same as “not vulnerable”: it has a stronger connotation. You should probably use “not vulnerable” or “resistant” instead. By bringing post- quantum security to IKEv2, this note removes the need to use Make it “this document”, please. This document does not replace the authentication checks that the protocol does; instead, it is done as a parallel check. What’s the antecedent to “it”? Should “it is” instead be “they are”? — Section 3 — when the initiator believes it has a mandatory to use PPK You need hyphens in “mandatory-to-use”. — I also find it interesting that Alexey thought you needed to add a normative reference for “ASCII”, bit not for “base64”. Personally, I think both are sufficiently well known that you need neither. ___ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec