Steve, you are mostly right, but this I-D only deals with the integrity data exchange using the notify payload. Thanks.
Marcus

-----Original Message-----
From: Stephen Kent [mailto:k...@bbn.com]
Sent: Friday, September 11, 2009 3:23 PM
To: mw...@huawei.com
Cc: ipsec@ietf.org
Subject: Re: [IPsec] draft-wong-ipsecme-ikev2-integrity-data-00.txt

At 11:46 AM -0400 9/11/09, Marcus Wong wrote:
>Hi Everyone,
>
>I'm new to the working group. I've uploaded a draft on the use of notify
>payload for integrity data exchanges in IKEv2 for your comments and review.
>All comments are highly appreciated. Thanks everyone.
>
>
>A new version of I-D, draft-wong-ipsecme-ikev2-integrity-data-00.txt has
>been successfully submitted by Marcus Wong and posted to the IETF repository.
>
>Filename: draft-wong-ipsecme-ikev2-integrity-data
>Revision: 00
>Title: Integrity Data Exchanges in IKEv2
>Creation_date: 2009-09-11
>WG ID: Independent Submission
>Number_of_pages: 9
>
>Abstract:
>IKEv2 supports mutual authentication of the peers but does not support
>platform integrity validation of the peers nor does it support the exchange
>of data related to the platform integrity validation. This extension allows
>platform integrity validation data to be exchanged from one peer (initiator)
>to another (respondent), allowing the other peer to either use the data for
>statistical analysis, pass it along to a validation entity for validation or
>pass it along to a Fraud Information Gathering System for fraud detection or
>analysis.
>

I have not read your I-D, but this sounds like a NEA issue being pushed into an IPsec protocol. Am I wrong?

Steve