Re: Comments for Humorous RFCs or uncategorised RFCs or dated April the first

2013-04-06 Thread Yoav Nir
On Apr 7, 2013, at 12:33 AM, Ulrich Herberg ulr...@herberg.name wrote: Indeed. The Wikipedia entry is somewhat misleading though: http://en.wikipedia.org/wiki/April_Fools%27_Day_RFC Almost every April Fools' Day (1 April) since 1989, the Internet Engineering Task Force has published one or

Re: [websec] #57: Re-add an upper limit to max-age

2013-03-29 Thread Yoav Nir
On Mar 29, 2013, at 1:45 PM, Joseph Bonneau jbonn...@gmail.com wrote: Hopefully, it's not just Google that implements this. I guess any browser that implements this will have some kind of reset button (like they have for other stuff) that will erase all pins. So the site is not really

Re: [websec] #57: Re-add an upper limit to max-age

2013-03-29 Thread Yoav Nir
On Mar 29, 2013, at 5:15 PM, Ryan Sleevi sle...@google.com wrote: On Fri, Mar 29, 2013 at 10:45 AM, Joseph Bonneau jbonn...@gmail.com wrote: Hopefully, it's not just Google that implements this. I guess any browser that implements this will have some kind of reset button (like they have

Re: [websec] #57: Re-add an upper limit to max-age

2013-03-28 Thread Yoav Nir
On Mar 27, 2013, at 7:16 PM, Joseph Bonneau jbonn...@gmail.com wrote: So, 30 days, or 60 days, we can argue about. But 1 year might be too long a time — if we decide to have a mandated max max-age, instead of just providing UA implementation advice. Is there consensus that we should

Re: [websec] #55: Clarify that the newest pinning information takes precedence

2013-03-28 Thread Yoav Nir
The text works for me. On Mar 27, 2013, at 6:54 PM, websec issue tracker trac+web...@grenache.tools.ietf.org wrote: #55: Clarify that the newest pinning information takes precedence Comment (by pal...@google.com): Ryan Sleevi has added text to the working copy that I believe resolves

Re: [websec] Session Continuation = Session Bound State?

2013-03-18 Thread Yoav Nir
I'm kind of partial to session management On Mar 13, 2013, at 11:49 PM, Phillip Hallam-Baker hal...@gmail.com wrote: The main substantive query that seemed to be raised in the meeting was what we are going to call this session continuation thing. I am not that worried about confusion with

Re: Mentoring

2013-03-15 Thread Yoav Nir
I agree that this is not just for the formal leaders. But mentoring is also not for everyone. I would guess that WG chairs, IAB and IESG members are more likely to know who would be good mentors for a particular group or area. Eugene Terrell would not be a good mentor, despite having authored

Re: Mentoring

2013-03-14 Thread Yoav Nir
On Mar 14, 2013, at 10:03 AM, Ted Lemon ted.le...@nominum.com wrote: I think it might also be worth encouraging working group chairs to have working group breakfast or lunch meetings (RSVP required) where newcomers are invited to come meet the chairs and chairs can strategically invite a

Re: [IPsec] IKE fragmentation

2013-03-14 Thread Yoav Nir
On Mar 14, 2013, at 9:38 AM, Valery Smyslov sva...@gmail.com wrote: Hi Yoav. I agree that term authenticated is a bit misleading here. The better term would be integrity protected. In our proposal receiver can be absolutely sure that each fragment comes from the very peer he/she

Re: [IPsec] IKE fragmentation

2013-03-14 Thread Yoav Nir
On Mar 14, 2013, at 10:27 AM, Paul Wouters p...@cypherpunks.ca wrote: On Thu, 14 Mar 2013, Yoav Nir wrote: Measurably more, because MAC functions have an initialization part, so running it on a single packet by parts incurs the per-run overhead multiple times. See the differences

Re: [IPsec] IKE fragmentation

2013-03-14 Thread Yoav Nir
On Mar 14, 2013, at 10:29 AM, Tero Kivinen kivi...@iki.fi wrote: Yoav Nir writes: There is no DH calculating per fragment. DH is calculated once in IKE_SA_INIT as in ordinary IKE SA establishment (note, that unprotected messages, including IKE_SA_INIT and IKE_SA_RESUME cannot be fragmented

Re: [IPsec] IKE fragmentation

2013-03-13 Thread Yoav Nir
On Mar 13, 2013, at 10:58 AM, Paul Wouters p...@nohats.ca wrote: On Wed, 13 Mar 2013, Valery Smyslov wrote: Or are you talking about the fictional IETF document (not yet written) describing existing IKEv1 fragmentation? Probably it is better that the authors of that solution document it.

Re: [IPsec] IKE fragmentation

2013-03-13 Thread Yoav Nir
On Mar 13, 2013, at 10:06 AM, Valery Smyslov sva...@gmail.com wrote: Hi Yaron, I believe the DoS argument is incorrect, because the message we are most worried about (most likely to get fragmented) is IKE_AUTH, and at this point both peers are not yet authenticated, of course. So
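
Added example, not part of the thread above: a constructed Python illustration of the property Valery describes, each fragment integrity protected under a key that both peers share after IKE_SA_INIT, so the receiver can reject a fragment that did not come from its peer before it ever reaches the reassembly buffer. The fragment layout, field sizes, function names and the random stand-in for SK_a are assumptions made for this example; it is not the draft's wire format or any implementation's code.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

FRAG_SIZE = 64  # payload bytes per fragment; artificially small for the demo


@dataclass
class Fragment:
    """Hypothetical fragment record: message id, 1-based fragment number,
    total fragment count, payload slice and its integrity check value."""
    msg_id: int
    frag_num: int
    total: int
    body: bytes
    icv: bytes


def fragment_icv(key, msg_id, frag_num, total, body):
    # Bind message id, position and count into the MAC so a valid fragment
    # cannot be replayed into another message or moved to another slot.
    header = (msg_id.to_bytes(4, "big") + frag_num.to_bytes(2, "big")
              + total.to_bytes(2, "big"))
    return hmac.new(key, header + body, hashlib.sha256).digest()


def fragment_message(key, msg_id, message, frag_size=FRAG_SIZE):
    """Sender side: slice the message and MAC every fragment separately."""
    chunks = [message[i:i + frag_size]
              for i in range(0, len(message), frag_size)] or [b""]
    total = len(chunks)
    return [Fragment(msg_id, n, total, body,
                     fragment_icv(key, msg_id, n, total, body))
            for n, body in enumerate(chunks, start=1)]


class Reassembler:
    """Receiver side: a fragment is verified before it is stored, so a
    forged or damaged fragment is dropped on arrival and never displaces
    or corrupts a genuine one."""

    def __init__(self, key):
        self.key = key
        self.buffers = {}   # msg_id -> {frag_num: body}
        self.dropped = 0

    def receive(self, frag):
        expected = fragment_icv(self.key, frag.msg_id, frag.frag_num,
                                frag.total, frag.body)
        if (not hmac.compare_digest(expected, frag.icv)
                or not 1 <= frag.frag_num <= frag.total):
            self.dropped += 1
            return None
        buf = self.buffers.setdefault(frag.msg_id, {})
        buf.setdefault(frag.frag_num, frag.body)   # first valid copy wins
        if len(buf) == frag.total:
            del self.buffers[frag.msg_id]
            return b"".join(buf[n] for n in range(1, frag.total + 1))
        return None


def demo():
    """Constructed run: an off-path party that does not know the key injects
    a fragment; it is dropped and the genuine message still reassembles."""
    sk_a = os.urandom(32)              # stands in for the key from IKE_SA_INIT
    message = bytes(range(256)) * 2    # 512-byte constructed payload
    frags = fragment_message(sk_a, 1, message)
    rx = Reassembler(sk_a)
    forged = Fragment(1, 2, frags[0].total, b"\x00" * FRAG_SIZE, os.urandom(32))
    rx.receive(forged)
    result = None
    for f in frags:
        got = rx.receive(f)
        if got is not None:
            result = got
    return result == message, rx.dropped


if __name__ == "__main__":
    print(demo())
```

The check costs one HMAC per fragment rather than one per message, which is the overhead the thread argues about; what it buys is that an attacker without the shared key cannot make the receiver buffer anything at all.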

Re: Diversity of IETF Leadership

2013-03-11 Thread Yoav Nir
On Mar 11, 2013, at 1:43 PM, Arturo Servin arturo.ser...@gmail.com wrote: Hi, I have been reading the comments in the list and although I am not making a specific reply to any message I would like to make some comments. So far I have read I agree we need some diversity or I

Re: [websec] Issue 53 - Key pinning should clarify status of pin validation with private trust anchors

2013-03-05 Thread Yoav Nir
On Mar 5, 2013, at 12:26 PM, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: On 03/04/2013 07:57 PM, Ryan Sleevi wrote: As discussed during Atlanta, the way that pinning is currently implemented within Google Chrome, pinning is only enforced as it relates to so-called public trust anchors

Re: [IPsec] Regarding ISAKMP SA lifetime negotiation.

2013-03-04 Thread Yoav Nir
On Mar 4, 2013, at 4:31 PM, Tero Kivinen kivi...@iki.fi wrote: Anoop V A (anova) writes: Hello experts, I have a generic doubt regarding the ISAKMP SA(phase 1) life time negotiation. My query is can we agree up on the ISAKMP life time in the first two messages of MM or AM.

Re: [dane] revocation of keys or certificates

2013-03-03 Thread Yoav Nir
Hi Christian There may be ways in some environments to push updates, but it's neither universal nor reliable. So the perception is correct. It's not much different from waiting for the NextUpdate time of the CRL. And the solution is also the same: short TTLs, frequent CRL updates, short

Re: Showing support during IETF LC...

2013-02-25 Thread Yoav Nir
Hi, Jari. On Feb 25, 2013, at 9:03 PM, Jari Arkko jari.ar...@piuha.net wrote: Agree with what John, Brian, and others have said. FWIW, at times - particularly with documents having some controversy - the ADs are left wondering what the silent majority is thinking. So in some cases the

Re: [websec] [Ietf-message-headers] HTTP 'Origin' permanent and provisional

2013-02-13 Thread Yoav Nir
Hi SM The W3C one is from a very old document, the first draft of which dates back to 2005. Anne van Kesteren has been editing it since 2007. The Origin header was first mentioned in the draft from September 2008. There it is fully explained. In 2009 the name of the document was changed to

Re: [websec] [Ietf-message-headers] HTTP 'Origin' permanent and provisional

2013-02-13 Thread Yoav Nir
On Feb 13, 2013, at 10:24 PM, Julian Reschke julian.resc...@gmx.de wrote: Well. You make it sound as if it's ok to run two different registries with partly overlapping values. It's not. It's a bug in the way IANA handles this. This is what needs to be fixed. Best regards, Julian I

Re: Changing the value of RFCs not numbers (was Re: The RFC Acknowledgement)

2013-02-12 Thread Yoav Nir
On Feb 12, 2013, at 2:57 AM, Abdussalam Baryun abdussalambar...@gmail.com wrote: Many said to me before as you do RFC don't change, it is already known in any org that documents don't change when published. I think the reason this keeps coming up, is that the IETF documents are usually

[websec] Fwd: [secdir] SecDir review of draft-williams-websec-session-continue-prob-00

2013-02-06 Thread Yoav Nir
FYI Begin forwarded message: From: Ben Laurie b...@google.com Subject: Re: [secdir] Fwd: RE: SecDir review of draft-williams-websec-session-continue-prob-00 Date: February 7, 2013 3:58:27 AM GMT+02:00 To: Stephen Farrell

Re: [websec] WGLC feedback for X-Frame-Options

2013-01-29 Thread Yoav Nir
Yes. Tobias will submit a revised version soon, incorporating the WGLC comments. Yoav On Jan 29, 2013, at 3:20 PM, Julian Reschke julian.resc...@gmx.de wrote: On 2012-11-06 18:25, Julian Reschke wrote: Hi there, here's my feedback from the HTTP/editorial point of view: ... Just

[websec] Forwarded review of draft-williams-websec-session-continue-prob-00

2013-01-14 Thread Yoav Nir
Hi I've shown this draft to a co-worker of mine (not on this list), and asked for a review. Here's some comments: - Overall, this is an interesting problem. - The document is missing a list of deficiencies with using Cookies - Section 2.1 says that TLS protects against replay. Really? How?

Re: travel guide for the next IETF...

2013-01-05 Thread Yoav Nir
On Jan 5, 2013, at 6:51 AM, John Levine jo...@taugh.com wrote: So if you don't attend IEEE, quit your whining: at least you won't have to eat the same hotel food for 2 weeks in a row... You don't have to eat there. Check out the reviews of this restaurant across the street:

Re: travel guide for the next IETF...

2013-01-04 Thread Yoav Nir
On Dec 31, 2012, at 10:22 PM, Michael Richardson m...@sandelman.ca wrote: Dave == Dave Crocker d...@dcrocker.net writes: Dave Quick, name five reasons to go to Orlando. Here are mine: Dave Puerto Rican Dave delicacies, alternative cinema, craft beer, African-American Dave

Re: [IPsec] Error in RFC6290

2012-12-30 Thread Yoav Nir
I agree. On Dec 26, 2012, at 7:58 PM, Valery Smyslov sva...@gmail.com wrote: Hi Yaron, oh, you've caught one more error in this text - it mixed up terms ticket (used in RFC5723 as Session Resumption ticket) and token (used in RFC6290 as QCD token). I didn't notice that. You are right,

Re: [IPsec] Error in RFC6290

2012-12-26 Thread Yoav Nir
Hi I agree with point #2. I'll leave it to some of the session resumption experts to comment on point #1. It's a little late for Merry Christmas, so just happy new year. Yoav -Original Message- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Valery Smyslov

Re: [IPsec] I-D Action: draft-ietf-ipsecme-ike-tcp-01.txt

2012-12-13 Thread Yoav Nir
Hi Valery Thinking it over, I kind of regret adding the port field to the TCP_SUPPORTED notification. We don't have any mechanism for alternate UDP ports. Yes, UDP has cheap liveness checks to keep the mapping in the NAT so that requests can be initiated to the original initiator, while TCP

Re: [IPsec] draft-ietf-ipsecme-ike-tcp-01 comments

2012-12-05 Thread Yoav Nir
Hi Yaron On Dec 5, 2012, at 9:59 AM, Yaron Sheffer yaronf.i...@gmail.com wrote: Hi, In general, it seems to me we are trying to solve more than we should, and we should punt on some of the NAT use cases, leave them to configuration or to out-of-protocol solutions like STUN and friends.

Re: I-D Action: draft-farrell-ft-01.txt

2012-12-03 Thread Yoav Nir
Speaking of the devil in the details… On Dec 4, 2012, at 3:59 AM, Andrew G. Malis agma...@gmail.com wrote: Stephen, Your goal is laudatory, but the devil will be in the details. For example, you wrote: Note also that this experiment just needs an implementation that makes it

[IPsec] Fwd: New Version Notification for draft-ietf-ipsecme-ike-tcp-01.txt

2012-12-03 Thread Yoav Nir
AM GMT+02:00 To: y...@checkpoint.com A new version of I-D, draft-ietf-ipsecme-ike-tcp-01.txt has been successfully submitted by Yoav Nir and posted to the IETF repository. Filename: draft-ietf-ipsecme-ike-tcp Revision: 01 Title: A TCP transport for the Internet Key

Re: Idea for a process experiment to reward running code...

2012-12-01 Thread Yoav Nir
On Dec 1, 2012, at 10:36 PM, Dave Crocker d...@dcrocker.net wrote: What actual problem is this trying to solve? I see the reference to a 'reward', but wasn't aware that there is a perceived problem needing incentive to solve. I think the problem is in the subject line. Documents go

Re: [IPsec] I-D on Using the ECC Brainpool Curves for IKEv2 Key Exchange

2012-11-30 Thread Yoav Nir
Hi Johannes, Dan's question made me realise something I hadn't noticed before. In section 2.3, the draft says: For the encoding of the key exchange payload and the derivation of the shared secret, the methods specified in [RFC5903] are adopted. In an ECP key exchange in IKEv2, the

Re: [IPsec] I-D on Using the ECC Brainpool Curves for IKEv2 Key Exchange

2012-11-30 Thread Yoav Nir
-boun...@ietf.org] On Behalf Of Yoav Nir Sent: Friday, November 30, 2012 4:39 PM To: Johannes Merkle Cc: IPsecme WG; Manfred Lochter; Sean P. Turner; Dan Harkins; rfc-...@rfc-editor.org Subject: Re: [IPsec] I-D on Using the ECC Brainpool Curves for IKEv2 Key Exchange Hi Johannes

Re: IETF work is done on the mailing lists

2012-11-28 Thread Yoav Nir
On Nov 28, 2012, at 1:57 PM, Randy Bush ra...@psg.com wrote: I'm increasingly seeing a paradigm where the review happens _before_ adoption as a WG draft. and one consequence is that the design gets done outside of the ietf process. +1

[IPsec] Question about IKEv1 and ECDSA

2012-11-28 Thread Yoav Nir
Hi I know we don't like IKEv1 questions, but RFC 4754 does mention it, so here goes. And sorry if this has been discussed before. I couldn't find it. In IKEv1 the authentication method is negotiated as an SA parameter. So presumably the Initiator proposes RSA signatures, ECDSA with the P-256

[websec] Issue #53 - Clarify status of pin validation when used with private trust anchors

2012-11-21 Thread Yoav Nir
Hi During the meeting in Atlanta I said that saying that pin validation is disabled when the cert chains to a private trust anchor would not go over well, because it's disabling a security feature in the presence of an attack. I still think so, but I think we can raise less red flags if

Re: [websec] Issue #53 - Clarify status of pin validation when used with private trust anchors

2012-11-21 Thread Yoav Nir
On Nov 22, 2012, at 2:45 AM, Ryan Sleevi ryan-ietfhas...@sleevi.com wrote: On Wed, November 21, 2012 1:38 pm, Yoav Nir wrote: Hi During the meeting in Atlanta I said that saying that pin validation is disabled when the cert chains to a private trust anchor would not go over well

Re: NomCom: Call for Nominations - IAOC Mid-Term Vacancy

2012-11-20 Thread Yoav Nir
I think Dave is scheduled to be replaced anyway in March, and now they need to fill two positions: one immediately (Marshall's) and one in March. The question they're asking is whether they should be considering additional names now that (a) there's two positions to fill, and (b) one of them

Re: Newcomers [Was: Evolutionizing the IETF]

2012-11-16 Thread Yoav Nir
Hi Carlos. On Nov 16, 2012, at 3:25 PM, Carlos M. Martinez wrote: Hello, On 11/16/12 1:27 AM, John Levine wrote: Shall we move on? Sure. Since we agree that there is no way to pay for the extra costs involved in meeting in places where there are insignificant numbers of IETF

Re: [websec] Meeting minutes uploaded

2012-11-14 Thread Yoav Nir
Hi Larry. I believe you said the W3C specs have already been changed to point to the WHAT-WG document. But I'll change the minutes to say Nobody in the group objected to having this move to WHAT-WG, and the W3C documents can point to that document. On Nov 15, 2012, at 3:02 AM, Larry

[websec] Meeting minutes uploaded

2012-11-13 Thread Yoav Nir
Hi all I've uploaded the minutes. Please reply to this message for any corrections. The minutes are here: http://www.ietf.org/proceedings/85/minutes/minutes-85-websec Thanks again to Cyrus for taking the notes. Yoav

Re: Newcomers [Was: Evolutionizing the IETF]

2012-11-12 Thread Yoav Nir
On Nov 12, 2012, at 2:24 PM, Riccardo Bernardini wrote: On Mon, Nov 12, 2012 at 9:18 AM, Mikael Abrahamsson swm...@swm.pp.se wrote: On Mon, 12 Nov 2012, Brian E Carpenter wrote: For WGs that do *not* have a low bar for entry, a detailed complaint to the chairs and the AD would be very

Re: Newcomers [Was: Evolutionizing the IETF]

2012-11-12 Thread Yoav Nir
On Nov 12, 2012, at 6:21 PM, joel jaeggli wrote: On 11/11/12 3:59 AM, Abdussalam Baryun wrote: I don't think that those Canada and US participants are paying for the attendance, but their organisations, therefore, are we reducing the cost of other organisations, or we are interested to

Re: [IPsec] I-D on Using the ECC Brainpool Curves for IKEv2 Key Exchange

2012-11-08 Thread Yoav Nir
On Nov 8, 2012, at 4:24 PM, David McGrew (mcgrew) wrote: On 11/8/12 3:26 AM, Johannes Merkle johannes.mer...@secunet.com wrote: Hi Tero, Every single option adds complexity, so I do not think we should add more optional things. Point compression is not the focus of our draft.

Re: To the sergeant-at-arms of this list

2012-11-06 Thread Yoav Nir
AFAIK it's still Jordi. Anyway, I checked the attendee lists for the last 5 meetings, and didn't see any Carlos Caliente, although given the gmail address, it's probably a pseudonym. On Nov 6, 2012, at 5:20 PM, Brian E Carpenter wrote: I'm not quite sure who is the current sergeant-at-arms

Re: [IPsec] updating ESP and AH requirements

2012-11-05 Thread Yoav Nir
By the formula in that paper, if we rekey every 10 seconds, 3DES is good enough up to about 10 Gbps, which is pretty high end for most VPNs. The IKE implementation that goes with a 10 Gbps IPsec implementation should have no problem rekeying every 10 seconds. I don't think it matters much

Re: [IPsec] Will it be a good idea if we join in meetecho?

2012-11-05 Thread Yoav Nir
Too late now that our meeting's over. On Nov 5, 2012, at 9:40 PM, Will Liu (Shucheng) wrote: Hi all, I see that several WGs are in here. http://ietf85.conf.meetecho.com/ Do you think it would be a good idea that we also join this? Will

Re: Comments to the draft-nir-ipsecme-erx-07.txt

2012-11-04 Thread Yoav Nir
Forwarding to the IETF mailing list, which is the proper home for this discussion. On Nov 3, 2012, at 10:26 PM, Tero Kivinen wrote: In Introduction section (1) there is text saying: -- Bringing these two technologies

[IPsec] Fwd: Comments to the draft-nir-ipsecme-erx-07.txt

2012-11-04 Thread Yoav Nir
I have forwarded this to the IETF, and left out the IPsec mailing list on purpose, so that future messages are not copied here. Please reply to that list. Yoav Begin forwarded message: From: Yoav Nir y...@checkpoint.com Subject: Re: Comments to the draft-nir-ipsecme

Re: Just so I'm clear

2012-10-25 Thread Yoav Nir
On Oct 25, 2012, at 1:25 AM, Martin Rex wrote: Doug Barton wrote: Andrew Sullivan wrote: Let me get this straight: for the sake of procedures that are clearly designed to be hard to use, While I think that 3777 probably errs on the side of too hard to use, recalling someone from one

Re: [therightkey] Other solutions to the problem

2012-10-25 Thread Yoav Nir
On Oct 26, 2012, at 2:49 AM, Chris Palmer wrote: On Thu, Oct 25, 2012 at 4:58 PM, Rick Andrews rick_andr...@symantec.com wrote: Further, no one has yet brought up the privacy issue. CAs sell a lot of certificates to companies for their internal use. Some of them may object to

Re: [IPsec] ikev2 algorithms, Initiator choice preferred over responder ?

2012-10-25 Thread Yoav Nir
Hi Kalyani The spec is silent on how the responder chooses the algorithm from among the choices offered by the initiator. It can choose by giving priority to its own preferences, or by choosing the first proposal that is allowed by its policy. Since it does not affect interoperability, the RFC
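
Added example, not from the thread: the two responder strategies the reply above names, written out in Python and run over a constructed IKEv2-style SA payload. Proposals are modelled as the alternatives the initiator lists per transform type, the responder's policy as an ordered list of complete suites; transform names are illustrative strings, not registry values, and the function names are this example's own.

```python
# Transform types carried in an IKEv2 proposal for IKE: encryption, PRF,
# integrity and Diffie-Hellman group.
TYPES = ("ENCR", "PRF", "INTEG", "DH")


def admits(proposal, suite):
    """True if every transform of the responder's suite is among the
    alternatives the initiator listed for that type in this proposal."""
    return all(suite[t] in proposal.get(t, ()) for t in TYPES)


def choose_by_responder_preference(initiator_proposals, responder_suites):
    """Responder's own ordering wins: take the responder's most preferred
    suite that any of the initiator's proposals can satisfy."""
    for suite in responder_suites:
        for idx, proposal in enumerate(initiator_proposals):
            if admits(proposal, suite):
                return idx, suite
    return None


def choose_first_allowed_proposal(initiator_proposals, responder_suites):
    """Initiator's proposal ordering wins: take the first proposal the
    responder's policy allows at all (within that proposal the responder
    still picks its own preferred suite)."""
    for idx, proposal in enumerate(initiator_proposals):
        for suite in responder_suites:
            if admits(proposal, suite):
                return idx, suite
    return None


# Constructed initiator SA payload: proposal 0 offers a legacy suite with
# 3DES listed first, proposal 1 an AEAD suite.
INITIATOR_PROPOSALS = [
    {"ENCR": ["3DES", "AES-CBC-128"], "PRF": ["HMAC-SHA1"],
     "INTEG": ["HMAC-SHA1-96"], "DH": ["MODP-1024", "MODP-2048"]},
    {"ENCR": ["AES-GCM-16-128"], "PRF": ["HMAC-SHA2-256"],
     "INTEG": ["NONE"], "DH": ["MODP-2048"]},
]

# Constructed responder policy, most preferred first.
RESPONDER_SUITES = [
    {"ENCR": "AES-GCM-16-128", "PRF": "HMAC-SHA2-256",
     "INTEG": "NONE", "DH": "MODP-2048"},
    {"ENCR": "AES-CBC-128", "PRF": "HMAC-SHA1",
     "INTEG": "HMAC-SHA1-96", "DH": "MODP-2048"},
    {"ENCR": "3DES", "PRF": "HMAC-SHA1",
     "INTEG": "HMAC-SHA1-96", "DH": "MODP-1024"},
]

if __name__ == "__main__":
    print(choose_by_responder_preference(INITIATOR_PROPOSALS, RESPONDER_SUITES))
    print(choose_first_allowed_proposal(INITIATOR_PROPOSALS, RESPONDER_SUITES))
```

With these inputs the first strategy answers with proposal 1 (AES-GCM, MODP-2048) and the second with proposal 0 (AES-CBC, MODP-2048); both are valid responses, which is why the choice is local policy rather than an interoperability matter. The second strategy does hand the decision to the initiator's ordering: an initiator that lists a weaker proposal first gets it whenever the responder's policy permits it at all.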

Re: IAOC Request for community feedback

2012-10-23 Thread Yoav Nir
Since you have his postal address, has anyone notified the police? The IAOC is requesting feedback from the community concerning a vacancy that the IAOC feels is not adequately covered by existing IETF rules. Marshall Eubanks has been an active IETF participant for many years and a member

[websec] WGLC for X-Frame-Options

2012-10-23 Thread Yoav Nir
Hi all This is to initiate WGLC for the X-Frame-Options draft (not to be confused with the Frame-Options draft). Please go to http://tools.ietf.org/html/draft-ietf-websec-x-frame-options-01, read the draft and send comments. As usual, we would very much like to hear comments about clarity,

Re: [IPsec] New I-D on IKEv3

2012-10-18 Thread Yoav Nir
On Oct 18, 2012, at 2:26 AM, Dan Harkins wrote: Hi David, On Wed, October 17, 2012 11:36 am, David Brownhill (dbrownhi) wrote: Hi Dan, The lack of EAP authentication would be a non-starter for us to implement this in our remote access VPN client. Why not support EAP authentication?

Re: [wpkops] Support for this activity from product developers?

2012-10-17 Thread Yoav Nir
On Oct 17, 2012, at 8:42 PM, Ryan Sleevi wrote: On Wed, October 17, 2012 11:13 am, Tim Moses wrote: Colleagues - One of the premises of this initiative (perhaps the main premise) was that product developers would be willing to be governed by the results of an industry consensus process when

Re: [IPsec] Call for agenda items

2012-10-17 Thread Yoav Nir
On Oct 17, 2012, at 4:38 PM, Paul Hoffman wrote: Greetings again. We have a 2-hour time slot in Atlanta, which is way more than we asked for. We don't need to be talking about draft-ietf-ipsecme-p2p-vpn-problem because it's finished with WG LC and is being sent to the AD for review. Are

Re: [IPsec] Nudge on discussion of WG work item: IKE over TCP

2012-10-16 Thread Yoav Nir
On Oct 16, 2012, at 5:14 AM, Paul Wouters wrote: On Mon, 15 Oct 2012, Paul Hoffman wrote: Greetings again. draft-ietf-ipsecme-ike-tcp-00.txt has been out for over a month and has received no discussion. Please review this short draft and comment on the mailing list. Thanks for the

[websec] Call for Agenda Items

2012-10-14 Thread Yoav Nir
Hi all The WebSec working group will meet in Atlanta on Thursday, November 8th at 17:30 for one hour. On the agenda are the current work items: (X-)Frame-Options and Key Pinning. If anyone has some other issue that they would like to present on (preferably with an I-D!), please contact the

Re: [websec] Compact Header Encoding

2012-10-09 Thread Yoav Nir
Sorry. Wrong mailing list On Oct 9, 2012, at 11:04 PM, Yoav Nir wrote: Hi I've submitted the below draft. Like the Binary Optimized Header Encoding draft (from which I have borrowed heavily), this is not meant to be published, but as an alternative to the proposed header encoding. I believe

[websec] HTTP-Auth BoF meeting in Atlanta

2012-10-02 Thread Yoav Nir
Hi all In Vancouver, the httpbis working group declined to adopt any of the proposed authentication schemes. In the coming IETF meeting, the security area is going to have a BoF with the intention of forming a working group to create a bunch of experimental RFCs for new authentication

Re: [therightkey] Transparency BoF - there's a deadline...

2012-09-10 Thread Yoav Nir
In case I wasn't clear last week, yes, I'm interested, and yes, I'm willing to review/contribute/edit. I don't think an opinion that the idea is not yet baked should be a bar to meeting. Meetings are a good forum for baking ideas. Yoav -Original Message- From:

Re: [IPsec] STRONG NUDGE: Revised AD VPN Requirements

2012-09-08 Thread Yoav Nir
On Sep 8, 2012, at 7:31 PM, Paul Hoffman wrote: This appeared on the list over two weeks ago and it has received no comments since. This is supposed to be the WG's main work item, folks. --Paul Hoffman OK. Section 4.1: Point #1: While less configuration required is better, I would like

Re: Draft IESG Statement on Removal of an Internet-Draft from the IETF Web Site

2012-09-07 Thread Yoav Nir
On Sep 7, 2012, at 7:03 PM, Joe Touch wrote: As I noted, if the IETF publishes IDs, why bother with RFCs? In addition to what Dave said, the target audience of drafts is IETF participants. The target audience of RFCs varies, but in the usual case it's implementers. So drafts might have

Re: [websec] handling STS header field extendability

2012-08-27 Thread Yoav Nir
With no hats: let's not choose a policy for a registry that we are not setting up, especially since we're not even sure that it's ever going to be set up. We can leave it to the first extension document to set up the registry and policy. If that document ever comes. Yoav On Aug 27, 2012, at

Re: [websec] handling STS header field extendability

2012-08-18 Thread Yoav Nir
On Aug 18, 2012, at 1:55 AM, =JeffH wrote: Yoav Nir noted: As a reminder, the proposed resolution is as follows: * Do not establish a registry now Let the first new header field specification establish it * A client that gets an unknown field ignores it This means

Re: [websec] handling STS header field extendability

2012-08-14 Thread Yoav Nir
Right. As a reminder, the proposed resolution is as follows: * Do not establish a registry now Let the first new header field specification establish it * A client that gets an unknown field ignores it This means no mandatory-to-understand extensions At this stage, a +1
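
Added example, not part of the thread: a Python parser for the STS header field that applies the resolution above, that is, a client ignores any directive it does not recognize and nothing is mandatory-to-understand. The other checks it makes (max-age required, directive names case-insensitive, the max-age value optionally quoted, includeSubDomains valueless, and the whole header ignored if a directive appears twice) follow RFC 6797 section 6.1 as the author of this example reads it; splitting on ";" without regard to quoted strings is a simplification, and the function name is this example's own.

```python
import re

# One directive: a token name with an optional token or quoted-string value.
# Constructed for this example from RFC 6797 section 6.1 and the HTTP token
# character set.
_DIRECTIVE = re.compile(
    r'''^\s*([A-Za-z0-9!#$%&'*+.^_`|~-]+)\s*(?:=\s*("(?:[^"\\]|\\.)*"|[^\s;"]+))?\s*$''')


def parse_sts(header_value):
    """Parse one Strict-Transport-Security field value.

    Returns {"max_age": int, "include_subdomains": bool}, or None when the
    UA must ignore the header (malformed, duplicated or missing directive).
    Directives this UA does not know are skipped, never fatal."""
    seen = set()
    max_age = None
    include_subdomains = False
    for raw in header_value.split(";"):
        if not raw.strip():
            continue                      # empty slot between ";" is allowed
        m = _DIRECTIVE.match(raw)
        if m is None:
            return None                   # does not conform to the grammar
        name, value = m.group(1).lower(), m.group(2)
        if name in seen:
            return None                   # each directive at most once
        seen.add(name)
        if name == "max-age":
            if value is None:
                return None
            if value.startswith('"'):
                value = value[1:-1]       # delta-seconds may be quoted
            if re.fullmatch(r"[0-9]+", value) is None:
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            if value is not None:
                return None               # valueless directive
            include_subdomains = True
        # any other name is an extension this UA does not know: ignored
    if max_age is None:
        return None                       # max-age is required
    return {"max_age": max_age, "include_subdomains": include_subdomains}


if __name__ == "__main__":
    print(parse_sts('max-age=31536000; includeSubDomains; preload'))
```

Because unknown directives are dropped rather than rejected, a later extension (the "preload" directive above is the obvious case) reaches old clients as a no-op while the max-age and includeSubDomains semantics they do understand still take effect.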

Re: Last Call: Modern Global Standards Paradigm

2012-08-11 Thread Yoav Nir
On Aug 11, 2012, at 9:41 PM, SM wrote: Here is a rough estimate of users for one content provider: US 158,758,940 Brazil 54,902,560 India 51,925,180 UK 37,569,580 France 24,345,920 Italy 21,822,640 Canada 17,474,940 Spain 16,075,560 Egypt

Re: Last Call: Modern Global Standards Paradigm

2012-08-11 Thread Yoav Nir
On Aug 11, 2012, at 9:10 PM, Paul Hoffman wrote: On Aug 11, 2012, at 5:05 AM, Randy Bush wrote: The IETF Chair and the IAB Chair intend to sign the Affirmation of the Modern Global Standards Paradigm, which can be found here:

Re: [websec] [saag] Pinning

2012-08-11 Thread Yoav Nir
Hi Chris I've removed SAAG from CC, trimmed most of your message, and re-arranged the rest. Hope you don't mind… On Aug 11, 2012, at 1:20 AM, Chris Palmer wrote: Additionally, HPKP and TACK might converge, more or less. I have plans to publish a new HPKP I-D that borrows some of TACK's pin

Re: So, where to repeat?

2012-08-10 Thread Yoav Nir
The tourist website www.minneapolis.org uses the slogan "City by Nature". I think "An infinitely more glamorous Frankfurt" would be an improvement. On Aug 10, 2012, at 10:01 PM, Richard Shockey wrote: Minneapolis is infinitely more glamorous Frankfurt .. -Original Message- From:

Re: RFC Errata: when to file, and when not to

2012-08-09 Thread Yoav Nir
On Aug 9, 2012, at 2:35 PM, Dave Cridland wrote: It seems entirely reasonable that there needs to be a version available that's precisely as-published, for legal (and quasi-legal) reasons, as you say - however, that's the version produced by the RFC Editor, and not the tools version (which

Re: RFC Errata: when to file, and when not to

2012-08-09 Thread Yoav Nir
On Aug 9, 2012, at 3:34 PM, John C Klensin wrote: --On Thursday, August 09, 2012 14:53 +0300 Yoav Nir y...@checkpoint.com wrote: This means that there would be two documents with the same RFC number. The quasi-legal as published one, and the one of the tools site. Which should I

Re: So, where to repeat? (was: Re: management granularity)

2012-08-09 Thread Yoav Nir
On Aug 9, 2012, at 6:07 PM, Dave Crocker wrote: offlist. Not so much Geoff, Frankfurt is a city in Germany. I believe the IETF has never been there. Two more tidbits: - It's a huge aviation hub. There are direct flights from everywhere, similar to CDG, Heathrow, or Schiphol - Unlike

Re: So, where to repeat? (was:Re: management granularity)

2012-08-08 Thread Yoav Nir
Mileage varies. For me it was the shortest and cheapest flight of any IETF meeting I have attended. Yoav On Aug 8, 2012, at 7:41 PM, Geoff Mulligan wrote: I liked the hotel and prague was wonderful, but it didn't seem easy to get to cheaply from the US. Geoff On Aug 6, 2012, at

Re: RFC Errata: when to file, and when not to

2012-08-07 Thread Yoav Nir
On Aug 7, 2012, at 11:29 AM, t.p. wrote: When I Google RFC, I am sometimes directed to www.ietf.org, which is not much help here. Other times, I am directed to tools.ietf.org, whose format I find less friendly but which does have 'errata exist' in the top right hand corner. However, I

Re: ITU-T Dubai Meeting

2012-08-07 Thread Yoav Nir
On Aug 7, 2012, at 5:32 PM, Noel Chiappa wrote: From: m...@sap.com (Martin Rex) To me, IPv6 PA prefixes look like a pretty useless feature (from the customer perspective). Far be it from me to defend IPv6, but... I don't see the case here. Our house is pretty typical of the _average_

Re: ITU-T Dubai Meeting

2012-08-07 Thread Yoav Nir
On Aug 7, 2012, at 6:19 PM, Noel Chiappa wrote: From: Yoav Nir y...@checkpoint.com For organizations renumbering is more painful, but as long as there's plenty of time to prepare - it should be manageable. If it's too painful, there are provider independent addresses, but how many really

Re: ITU-T Dubai Meeting

2012-08-07 Thread Yoav Nir
On Aug 7, 2012, at 6:35 PM, Noel Chiappa wrote: All I changed was the ISP. Why do we call the thing that's changed location? 'Location' in the network-centric sense (i.e. 'where in the overall network's connectivity map you are'). Right. The location is pretty much irrelevant to the

[websec] Meeting Minutes

2012-08-07 Thread Yoav Nir
Hi all I have uploaded the minutes from last week's meeting. The URL is http://www.ietf.org/proceedings/84/minutes/minutes-84-websec Please send corrections to Alexey, Tobias, or me. Thanks again to Ted Hardie for taking the notes. Yoav

Re: Gen-ART LC Review of draft-ietf-websec-strict-transport-sec-11

2012-08-02 Thread Yoav Nir
On Aug 2, 2012, at 10:46 AM, Ben Campbell wrote: Hi, thanks for the response. Comments inline: On Jul 29, 2012, at 10:29 PM, =JeffH jeff.hod...@kingsmountain.com wrote: -- I did not find any guidance on how to handle UAs that do not understand this extension. I don't know if this needs

Re: [websec] Gen-ART LC Review of draft-ietf-websec-strict-transport-sec-11

2012-08-02 Thread Yoav Nir
On Aug 2, 2012, at 10:46 AM, Ben Campbell wrote: Hi, thanks for the response. Comments inline: On Jul 29, 2012, at 10:29 PM, =JeffH jeff.hod...@kingsmountain.com wrote: -- I did not find any guidance on how to handle UAs that do not understand this extension. I don't know if this needs

[websec] Fwd: [saag] WebSec status

2012-08-02 Thread Yoav Nir
Sorry, forgot to CC this list. Begin forwarded message: From: Yoav Nir y...@checkpoint.com Subject: [saag] WebSec status Date: August 2, 2012 9:15:07 AM PDT To: s...@ietf.org WebSec met at 9:00 AM on Tuesday morning

Re: New Version Notification for: draft-baryun-rfc2119-update-00.txt

2012-08-01 Thread Yoav Nir
He meant PILLAR OF SALT On Aug 1, 2012, at 9:39 AM, Adrian Farrel wrote: Barry, Did you mean bad or BAD? A From: ietf-boun...@ietf.org [mailto:ietf-boun...@ietf.org] On Behalf Of Barry Leiba Sent: 01 August 2012 17:04 To: Abdussalam Baryun Cc: ietf Subject: Re:

Re: Oauth blog post

2012-07-29 Thread Yoav Nir
On Jul 29, 2012, at 1:17 PM, Glen Zorn wrote: On Sun, 2012-07-29 at 12:19 -0700, Hannes Tschofenig wrote: Just a minor comment on this one: On Jul 29, 2012, at 8:20 AM, SM wrote: [the] working group at the IETF started with strong web presence. But as the work dragged on (and

Re: [IPsec] Using ECC Brainpool curves with ipsec

2012-07-27 Thread Yoav Nir
On Jul 27, 2012, at 9:30 AM, Dan Harkins wrote: On Thu, July 26, 2012 8:07 pm, Tero Kivinen wrote: Dan Harkins writes: On Thu, July 26, 2012 1:59 pm, Yaron Sheffer wrote: the fact that we need to study the protocol details and go into the ASN.1 bits to ascertain that we have a problem,

Re: [IPsec] Using ECC Brainpool curves with ipsec

2012-07-26 Thread Yoav Nir
On Jul 26, 2012, at 4:21 PM, Tero Kivinen wrote: If that is correct how does the PKIX solve this? I.e. when I have certificate signed by the some other certificate using DSA? If my reading of RFC5280 is correct there is this signatureAlgorithm ASN.1 blob in front of the signature itself and

Re: Proposed IETF 95 Date Change

2012-07-22 Thread Yoav Nir
On Jul 22, 2012, at 4:42 AM, Ofer Inbar wrote: Glen Zorn glenz...@gmail.com wrote: On Sat, 2012-07-21 at 13:25 -0700, Martin Thomson wrote: On 21 July 2012 06:55, Yoav Nir y...@checkpoint.com wrote: This year Ramadan started yesterday, and ends on August 19. Moving the meeting one week

Re: [IPsec] Using ECC Brainpool curves with ipsec

2012-07-22 Thread Yoav Nir
On Jul 22, 2012, at 4:15 PM, Tero Kivinen wrote: Dan Harkins writes: We've been through nearly 40 revisions of this protocol (18 for IKEv2, another 10 to clarify how to use it and then another 11 to do IKEv2v2) and it still needs hacks to add some new elliptic curves-- either N new

Re: Proposed IETF 95 Date Change

2012-07-21 Thread Yoav Nir
On Jul 21, 2012, at 10:00 AM, Eliot Lear wrote: I'd support a date change for IETF 95 but it should be the week of the 14th to take into account Palm Sunday and Good Friday. As to Ramadan, I too would like to understand if there is a need to take this holiday into account, and what would be

Re: [IPsec] Using ECC Brainpool curves with ipsec

2012-07-21 Thread Yoav Nir
On Jul 21, 2012, at 7:28 PM, Dan Harkins wrote: On Sat, July 21, 2012 8:56 am, Tero Kivinen wrote: Johannes Merkle writes: Adding them for authentication use (ECDSA use) will most likely get more opposition. First of all, I am not at all happy how the ECDSA groups are added to the IKEv2

Re: Feedback Requested on Draft Fees Policy

2012-07-20 Thread Yoav Nir
On Jul 20, 2012, at 4:52 PM, Worley, Dale R (Dale) wrote: On Fri, 2012-07-20 at 06:07 -0700, IETF Administrative Director wrote: The draft policy entitled Draft Fee Policy for Legal Requests can be found at: http://iaoc.ietf.org/policyandprocedures.html Assuming that the IAOC has set

Re: [IPsec] Using ECC Brainpool curves with ipsec

2012-07-19 Thread Yoav Nir
On Jul 18, 2012, at 9:45 PM, Tero Kivinen wrote: Adding them to ECDSA is more difficult. Adding them for Diffie-Hellman use requires updating of one expert review 16-bit registry for IKEv2. The same registry in the IKEv1 is RFC required, so it does not require standard track RFC. Adding

Re: [IPsec] Using ECC Brainpool curves with ipsec

2012-07-19 Thread Yoav Nir
On Jul 19, 2012, at 1:43 PM, Johannes Merkle wrote: How about standardizing just one more authentication method? Call it public key signature or some such, and make the signing algorithm depend on the public key in the CERT payload. If it's RSA, go by bit strength: - =1024 - SHA-1

[IPsec] Fwd: New Version Notification for draft-nir-ipsecme-ike-tcp-01.txt

2012-07-16 Thread Yoav Nir
: July 16, 2012 10:07:17 AM GMT+03:00 To: Yoav Nir y...@checkpoint.com A new version of I-D, draft-nir-ipsecme-ike-tcp-01.txt has been successfully submitted by Yoav Nir and posted to the IETF repository. Filename: draft-nir-ipsecme-ike-tcp Revision: 01 Title: A TCP transport

Re: [IPsec] AD review: draft-nir-ipsecme-erx-04.txt

2012-07-10 Thread Yoav Nir
Hi Sean Thanks for the review. My answers are inline. Yoav On Jul 3, 2012, at 2:17 AM, Sean Turner wrote: Yoav asked me to do an AD review of draft-nir-ipsecme-erx. We agreed that it'd be all right for me to send my comments here. They are as follows: 0) Overall: A couple of folks

RE: Future Handling of Blue Sheets

2012-06-17 Thread Yoav Nir
This creates a distinguished identity, so if two Fei Zhangs attended in Paris (only case I found in the attendee list), this would distinguish which of them attended a particular meeting. It would not, however, tie them to an identity on the mailing list, or to the Fei Zhang who attends the

Re: New Non-WG Mailing List: IETF-822

2012-06-15 Thread Yoav Nir
On Jun 15, 2012, at 12:44 AM, Peter Saint-Andre wrote: On 6/14/12 3:37 PM, IETF Secretariat wrote: List address: ietf-...@ietf.org Is no one thinking ahead to the 822nd meeting of the IETF in the year 2258?!? Well, I've started working on draft-nir-ipv6-were-finally-deploying-it but I'm
