Group Domain of Interpretation (GDOI) GROUPKEY-PUSH Acknowledgement Message
draft-weis-gdoi-rekey-ack-07
Document history
Date | Rev. | By | Action |
---|---|---|---|
2017-11-28 | 07 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2017-10-27 | 07 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2017-10-18 | 07 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2017-09-28 | 07 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2017-09-28 | 07 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2017-09-22 | 07 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2017-09-21 | 07 | (System) | IANA Action state changed to In Progress |
2017-09-21 | 07 | (System) | RFC Editor state changed to EDIT |
2017-09-21 | 07 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2017-09-21 | 07 | (System) | Announcement was received by RFC Editor |
2017-09-21 | 07 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2017-09-21 | 07 | Amy Vezza | IESG has approved the document |
2017-09-21 | 07 | Amy Vezza | Closed "Approve" ballot |
2017-09-21 | 07 | Amy Vezza | Ballot approval text was generated |
2017-09-21 | 07 | Amy Vezza | IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup |
2017-09-09 | 07 | Adam Roach | [Ballot Position Update] Position for Adam Roach has been changed to No Objection from Discuss |
2017-09-08 | 07 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2017-09-08 | 07 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2017-09-08 | 07 | Brian Weis | New version available: draft-weis-gdoi-rekey-ack-07.txt |
2017-09-08 | 07 | (System) | New version approved |
2017-09-08 | 07 | (System) | Request for posting confirmation emailed to previous authors: Thomas Karl, Umesh Mangla, Brian Weis, Nilesh Maheshwari |
2017-09-08 | 07 | Brian Weis | Uploaded new revision |
2017-08-31 | 06 | Cindy Morgan | IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation |
2017-08-30 | 06 | Alexey Melnikov | [Ballot comment] I agree with Adam's DISCUSS and comments. |
2017-08-30 | 06 | Alexey Melnikov | [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov |
2017-08-30 | 06 | Suresh Krishnan | [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan |
2017-08-30 | 06 | Terry Manderson | [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson |
2017-08-30 | 06 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2017-08-29 | 06 | Adam Roach | [Ballot discuss] I have concerns about the interoperability of this mechanism as defined. Section 6 indicates that GMs may introduce ack jitter of "a few seconds," and that the GCKS should wait "several seconds" for receipt. These are both very subjective terms, and it would be perfectly reasonable for a GM implementor to decide that "a few seconds" is up to, say, 10; while a GCKS implementor might reasonably think that "several seconds" is as short as, say, five. The result is two compliant implementations that don't actually interop under most circumstances. Please define a hard maximum amount of jitter that GMs can be expected to introduce (e.g., "several seconds, but no more than five"), and advise that the GCKS wait a specific slightly longer amount (e.g., six seconds, which is five plus more than enough to accommodate a reasonable RTT). |
2017-08-29 | 06 | Adam Roach | [Ballot comment] I was going to make the same comment Ben did about "...does not intend to..." but he beat me to it. The document uses 2119 language, but doesn't appear to do so reliably (see, e.g., the "must" in section 3.1, and many instances of "may" throughout the document that appear to be normative). I suggest a pass through the document to ensure the use of 2119 terms is as intended. Section 3.2, in describing the format of "L" in the ack_key derivation, needs to indicate byte order (I suspect you mean to say something like: "...as two octets in network order (that is, most significant byte first)."). I would also suggest that the guidance around detecting that a GM has left the group require that the GCKS receive at least one Ack from the GM before it uses the absence of an Ack to indicate that it has left; as the document notes, there are a number of reasons that the GCKS may not receive the Acks. |
2017-08-29 | 06 | Adam Roach | [Ballot Position Update] Position for Adam Roach has been changed to Discuss from No Objection |
2017-08-29 | 06 | Adam Roach | [Ballot comment] I was going to make the same comment Ben did about "...does not intend to..." but he beat me to it. The document uses 2119 language, but doesn't appear to do so reliably (see, e.g., the "must" in section 3.1, and many instances of "may" throughout the document that appear to be normative). I suggest a pass through the document to ensure the use of 2119 terms is as intended. Section 3.2, in describing the format of "L" in the ack_key derivation, should indicate byte order (I suspect you mean to say something like: "...as two octets in network order (that is, most significant byte first)."). Section 6 indicates that GMs may introduce ack jitter of "a few seconds," and that the GCKS should wait "several seconds" for receipt. These are both very subjective terms, and it would be perfectly reasonable for a GM implementor to decide that "a few seconds" is up to, say, 10; while a GCKS implementor might think that "several seconds" is as short as, say, five. The result is two compliant implementations that don't actually interop under most circumstances. Please define a hard maximum amount of jitter that GMs can be expected to introduce (e.g., "several seconds, but no more than five"), and advise that the GCKS wait a specific slightly longer amount (e.g., six seconds, which is five plus more than enough to accommodate a reasonable RTT). I would also suggest that the guidance around detecting that a GM has left the group require that the GCKS receive at least one Ack from the GM before it uses the absence of an Ack to indicate that it has left; as the document notes, there are a number of reasons that the GCKS may not receive the Acks. |
2017-08-29 | 06 | Adam Roach | [Ballot Position Update] New position, No Objection, has been recorded for Adam Roach |
2017-08-29 | 06 | Ben Campbell | [Ballot comment] - 4: "If a GM does not intend to respond with Acknowledgements,..." The previous paragraph said a GM that recognizes the ack request MUST return an acknowledgement. I assume this sentence refers to GMs that do not recognize the request, but it seems to allow any GM to just decide not to respond. |
2017-08-29 | 06 | Ben Campbell | [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell |
2017-08-29 | 06 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2017-08-29 | 06 | Kathleen Moriarty | IESG state changed to IESG Evaluation from Waiting for Writeup |
2017-08-28 | 06 | Warren Kumari | [Ballot comment] Thanks for addressing Michael's comments. I'd also like to thank Adrian for a nice shepherd writeup.... |
2017-08-28 | 06 | Warren Kumari | [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari |
2017-08-28 | 06 | (System) | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2017-08-27 | 06 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2017-08-26 | 06 | Roni Even | Request for Telechat review by GENART Completed: Ready. Reviewer: Roni Even. Sent review to list. |
2017-08-26 | 06 | Eric Rescorla | [Ballot Position Update] New position, No Objection, has been recorded for Eric Rescorla |
2017-08-25 | 06 | Mirja Kühlewind | [Ballot comment] - Thanks for addressing the very good gen-art review comments (and thanks Roni!) - I guess the GM could indicate at registration time that it is able and willing to support ACKs. While this information is maybe not super helpful, it could potentially be used to detect network problems, e.g. that ACKs are dropped. Was this considered? - sec 6: "A GM MAY introduce a jitter to the timing of its Acknowledgement message" -> I guess the server could also send out the push messages with jitter while the GM replies immediately. In this case there is less uncertainty when the ACK will be sent and how long the server has to wait for it. Was this considered? - sec 7.1: "Therefore, there is no direct value that the attacker derives from the knowledge of the sequence number." -> Doesn't knowing part of the encrypted text in clear potentially help to break the encryption? Should this be considered? |
2017-08-25 | 06 | Mirja Kühlewind | [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind |
2017-08-25 | 06 | Kathleen Moriarty | Ballot has been issued |
2017-08-25 | 06 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
2017-08-25 | 06 | Kathleen Moriarty | Created "Approve" ballot |
2017-08-25 | 06 | Kathleen Moriarty | Ballot writeup was changed |
2017-08-24 | 06 | Jean Mahoney | Request for Telechat review by GENART is assigned to Roni Even |
2017-08-24 | 06 | Jean Mahoney | Request for Telechat review by GENART is assigned to Roni Even |
2017-08-24 | 06 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2017-08-24 | 06 | Brian Weis | New version available: draft-weis-gdoi-rekey-ack-06.txt |
2017-08-24 | 06 | (System) | New version approved |
2017-08-24 | 06 | (System) | Request for posting confirmation emailed to previous authors: Thomas Karl, Umesh Mangla, Brian Weis, Nilesh Maheshwari |
2017-08-24 | 06 | Brian Weis | Uploaded new revision |
2017-08-11 | 05 | Kathleen Moriarty | Placed on agenda for telechat - 2017-08-31 |
2017-08-05 | 05 | Yaron Sheffer | Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Yaron Sheffer. Sent review to list. |
2017-08-01 | 05 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Zitao Wang. |
2017-07-17 | 05 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2017-07-13 | 05 | (System) | IANA Review state changed to IANA OK - Actions Needed from IANA - Review Needed |
2017-07-13 | 05 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Services Operator has completed its review of draft-weis-gdoi-rekey-ack-05.txt. If any part of this review is inaccurate, please let us know. The IANA Services Operator understands that, upon approval of this document, there are three actions which we must complete. First, in the SA KEK Payload Values - KEK Attributes registry, located on the Group Domain of Interpretation (GDOI) Payloads registry page located at https://www.iana.org/assignments/gdoi-payloads/ a new registration is to be made as follows: Value: [ TBD-at-registration ]; ID Class: KEK_ACK_REQUESTED; Type: B; Reference: [ RFC-to-be ]. Second, a new registry is to be created called the KEK_ACK_REQUESTED Values registry. This will be a registry located on the Group Domain of Interpretation (GDOI) Payloads registry page located at https://www.iana.org/assignments/gdoi-payloads/ The new registry will be managed via Specification Required as defined in RFC 5226. There are new registrations in the new registry as follows (Value / Type / Reference): 0 / Reserved / [ RFC-to-be ]; 1 / REKEY_ACK_KEK / [ RFC-to-be ]; 2 / REKEY_ACK_LKH / [ RFC-to-be ]; 3-128 / Unassigned / [ RFC-to-be ]; 129-255 / Private Use / [ RFC-to-be ]. Third, a new subregistry is to be created called the GDOI DOI Exchange Types registry. This will be a subregistry of the GDOI ID Payload Type Values registry located on the Group Domain of Interpretation (GDOI) Payloads registry page located at https://www.iana.org/assignments/gdoi-payloads/ The new registry will be managed via Specification Required as defined in RFC 5226. There are new registrations in the new registry as follows (Value / Phase / Reference): GROUPKEY-PULL / 32 / [ RFC 6407 ]; GROUPKEY-PUSH / 33 / [ RFC 6407 ]; Reserved / 34; GROUPKEY-PUSH-ACK / 35 / [ RFC-to-be ]; Unassigned / 36-239. The IANA Services Operator understands that these three actions are the only ones required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed. Thank you, Sabrina Tanamal, IANA Services Specialist, PTI |
2017-06-26 | 05 | Roni Even | Request for Last Call review by GENART Completed: Almost Ready. Reviewer: Roni Even. Sent review to list. |
2017-06-24 | 05 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Yaron Sheffer |
2017-06-24 | 05 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Yaron Sheffer |
2017-06-24 | 05 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Zitao Wang |
2017-06-24 | 05 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Zitao Wang |
2017-06-22 | 05 | Jean Mahoney | Request for Last Call review by GENART is assigned to Roni Even |
2017-06-22 | 05 | Jean Mahoney | Request for Last Call review by GENART is assigned to Roni Even |
2017-06-19 | 05 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2017-06-19 | 05 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: draft-weis-gdoi-rekey-ack@ietf.org, Kathleen.Moriarty.ietf@gmail.com, adrian@olddog.co.uk Reply-To: ietf@ietf.org Sender: Subject: Last Call: (GDOI GROUPKEY-PUSH Acknowledgement Message) to Proposed Standard. The IESG has received a request from an individual submitter to consider the following document: 'GDOI GROUPKEY-PUSH Acknowledgement Message' as Proposed Standard. The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2017-07-17. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract: The Group Domain of Interpretation (GDOI) includes the ability for a Group Controller/Key Server (GCKS) to provide a set of current Group Member (GM) devices with additional security associations (e.g., to rekey expiring security associations). This memo adds the ability of a GCKS to request the GM devices to return an acknowledgement of receipt of its rekey message, and specifies the acknowledgement method. This draft references RFC2408 as GDOI continued its use of this RFC when it was obsoleted by RFC5996 and subsequently RFC7296. This is an intentional reference as explained in the shepherd report. The file can be obtained via https://datatracker.ietf.org/doc/draft-weis-gdoi-rekey-ack/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-weis-gdoi-rekey-ack/ballot/ The following IPR Declarations may be related to this I-D: https://datatracker.ietf.org/ipr/2217/ |
2017-06-19 | 05 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2017-06-19 | 05 | Cindy Morgan | Last call announcement was changed |
2017-06-19 | 05 | Kathleen Moriarty | Last call was requested |
2017-06-19 | 05 | Kathleen Moriarty | Ballot approval text was generated |
2017-06-19 | 05 | Kathleen Moriarty | Ballot writeup was generated |
2017-06-19 | 05 | Kathleen Moriarty | IESG state changed to Last Call Requested from Publication Requested |
2017-06-19 | 05 | Kathleen Moriarty | Last call announcement was generated |
2017-06-19 | 05 | Kathleen Moriarty | IESG process started in state Publication Requested |
2017-04-07 | 05 | Kathleen Moriarty | IETF WG state changed to Submitted to IESG for Publication |
2017-03-28 | 05 | Adrian Farrel | Changed document writeup |
2017-03-10 | 05 | Brian Weis | New version available: draft-weis-gdoi-rekey-ack-05.txt |
2017-03-10 | 05 | (System) | New version approved |
2017-03-10 | 05 | (System) | Request for posting confirmation emailed to previous authors: Umesh Mangla, Thomas Karl, Nilesh Maheshwari, Brian Weis |
2017-03-10 | 05 | Brian Weis | Uploaded new revision |
2017-01-26 | 04 | Kathleen Moriarty | Changed consensus to Yes from Unknown |
2017-01-26 | 04 | Kathleen Moriarty | Intended Status changed to Proposed Standard from None |
2017-01-26 | 04 | Kathleen Moriarty | Notification list changed to "Adrian Farrel" <adrian@olddog.co.uk> |
2017-01-26 | 04 | Kathleen Moriarty | Document shepherd changed to Adrian Farrel |
2017-01-26 | 04 | Kathleen Moriarty | Stream changed to IETF from None |
2017-01-26 | 04 | Kathleen Moriarty | Shepherding AD changed to Kathleen Moriarty |
2016-11-14 | 04 | Brian Weis | New version available: draft-weis-gdoi-rekey-ack-04.txt |
2016-11-14 | 04 | (System) | New version approved |
2016-11-14 | 04 | (System) | Request for posting confirmation emailed to previous authors: "Brian Weis", "Nilesh Maheshwari", "Thomas Karl", "Umesh Mangla" |
2016-11-14 | 04 | Brian Weis | Uploaded new revision |
2016-09-22 | 03 | (System) | Document has expired |
2016-03-21 | 03 | Brian Weis | New version available: draft-weis-gdoi-rekey-ack-03.txt |
2015-03-09 | 02 | Brian Weis | New version available: draft-weis-gdoi-rekey-ack-02.txt |
2014-07-03 | 01 | Brian Weis | New version available: draft-weis-gdoi-rekey-ack-01.txt |
2013-10-17 | | (System) | Posted related IPR disclosure: Cisco's Statement of IPR Related to draft-weis-gdoi-rekey-ack-00 |
2013-10-11 | 00 | Brian Weis | New version available: draft-weis-gdoi-rekey-ack-00.txt |