Hi Russ,

My apologies for not getting back to you earlier. A combination of
killer travel commitments, fairly nasty bouts of the flu (for both
Barbara and myself, at different times), and the desire to touch base
with all of the members of the ipsec wg management team slowed down my
response.

We agree that the relatively small number of people who responded to the
straw poll was certainly not ideal. However, it is true the
number of people who have been actively participating in the ipsec has
been declining over time, and the people who responded were people who
have had a history of participating in the ipsec working group. So we
feel that we should consider the approach of changing IKEv2 to make
transform type 5 (extended sequence number) working group consensus.

As far as the technical aspect of the decision, the fact that many
people at the interop meeting failed to achieve interoperability
simply by reading the document troubles us, and trying to fix this in
a clarification document that will be published separately, and later,
seems to be simply asking for interoperability problems.

Changing transform type 5 to be mandatory does not require a
significant change to the document, nor to existing implementations
that have already implemented extended sequence numbers. Furthermore,
requiring implementations to support ESN does not appear to be overly
burdensome.

- Ted

On Tue, Mar 15, 2005 at 10:13:27AM -0500, Russ Housley wrote:
> Ted:
>
> The fact that so few people responded to the straw poll causes alarm. The
> issue was raised at a bake-off, and some of the implementations represented
> at the bake-off are not represented in the straw poll responses.
>
> I have a question: Do you believe that this response represents WG
> consensus? If so, then please prepare an RFC Editor note that describes
> the change that needs to be made, send it to me, and I will work with the
> IESG to get it approved. If not, then we should not make any changes.
>
> The WG chairs must judge consensus. In this case, it is a subjective
> decision, and you may want to consult with WG participants that did not
> respond to the straw poll to figure it out. At least one person that was
> at the bake-off has told me that they had come up with a way to achieve
> interoperability without making changes. I think Paul Hoffman made a
> posting to the mail list about that approach half way through the straw
> poll. This is just one more dimension of your consensus decision.
>
> Russ
>
>
> At 07:50 PM 3/14/2005, Theodore Ts'o wrote:
>
> >Two weeks ago, there was a discussion about an interoperability problem
> >in IKEv2 that was turned up during interoperability testing. A week
> >ago, I called for a straw poll; based on the fact that the number of
> >responses was a little sparse, and last week was the Minneapolis IETF, I
> >let the straw poll go on all last week.
> >
> >The straw poll indicated a majority (although certainly not unanimity)
> >preference for proposal C:
> >
> > PROPOSAL C:
> > -----------
> >
> > Change the places that say Transform Type 5 is optional to say
> > it is mandatory.
> >
> >This choice unfortunately would require making changes to the IKEv2 RFC
> >before it is published, and since it has already been through the IESG
> >approval process and almost through the entire RFC editor process,
> >presumably we would need to make a new I-D and then take it through most
> >of this process all over again --- although hopefully it would take much
> >less time the second time around.
> >
> >Russ, would you comment if there is anything special we need to do at
> >this point? Many thanks,
> >
> > - Ted
> >
> >
> >Proposal A:
> > Kevin Li <kli at cisco.com>
> > Timothy Liu <timliu at juniper.net>
> >
> >Proposal C:
> > Srinivasa Rao Addepalli <srao at intoto.com>
> > Geoffrey Huang <ghuang at cisco.com>
> > Michael Roe <mroe at microsoft.com>
> > Grubmair Peter <peter.grubmair at siemens.com>
> > Tero Kivinen <kivinen at iki.fi>
> > Geoffrey Huang <ghuang at cisco.com>
> >
> >Proposal D:
> > Paul Hoffman <paul.hoffman at vpnc.org>
> > Pasi.Eronen at nokia.com
> > Yoav Nir <ynir at checkpoint.com>
>