Hi Ana,

Thank you for your comments.
I am sorry for the late response. I was absent several days.

>  ZhangDong wrote:
>  >>  #1.
>  >>  The incentive of the draft is to provide an alternate way to negotiate esp
>  >>  sa, it will be helpful if more merits of this new approach can be discussed,
>  >>  especially compared with IKEv2.
>  >>
>  > [Dong] Ok, I will consider it and add this part in the following version.
>  >
>
>  What you are suggesting is an opportunistic approach. If CERTS are not
>  used, how do you plan to solve the initial leap of faith? If CERTS are
>  used, what is the advantage in using your approach?

The current 00 version of the draft provides a rough proposal of negotiating SA via
CGA; more details will be added. Cert is the root of trust in CGA usage and is
necessary in the trust model. At the same time, we will consider various ways to
mitigate the packet size problem. Would you mind giving some advice?
 
>  >>  #2.
>  >>  I noticed that IKE and IKEv2 were used alternately in the draft, and some
>  >>  sentence like "CGA-SA MAY be used in all the scenarios where IKE is
>  >>  available. The usage scenarios of IKE are stated in [RFC4306]." is
>  >>  confusing. It will be good if you clarify which one you are talking
>  >>  about or both.
>  >>
>  > [Dong] Yes, this problem will be revised.
>  >
>
>  In case of IKEv2, it would be good to replace links to RFC2401 with RFC4301.
>
>  Regarding RFC4301 and SPs, I fail to understand why did you omit the
>  traffic selector payload from the negotiation? How will the traffic
>  selector negotiation be done?

Yes, I will take care of this problem. Currently, the document just shows an idea
of this area in order to find out whether anybody is interested in it. The
following drafts will be more perfect.
Thanks again for your supplements.


Dong Zhang


  

_______________________________________________
CGA-EXT mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cga-ext
