I submitted draft-welter-ipsecme-ikev2-reauth-03 with the rewording shown below. I'd like to ask the working group to accept this as a work item but I am unfamiliar with the process. What next?
Thanks, Keith Welter IBM z/OS Communications Server Developer 1-415-545-2694 (T/L: 473-2694) > I noticed a minor problem in section 5: > "When not using extensible authentication, the peers are authenticated > by having each sign (or MAC using a padded shared secret as the key, > as described later in this section) a block of data. > > But the padding is not described later in the section. > > I will reword the section as follows: > "5. Authentication Data for Reauthenticating the IKE SA > > When not using extensible authentication, the peers are > authenticated by having each sign (or MAC using a padded shared > secret as the key) a block of data as described in [IKEv2] Section > 2.15 except for the following differences: > > o For the modified IKE_AUTH request, the octets to be signed > start with the first octet of the previous Authentication payload > sent by the initiator and end with the last octet of that payload. > > o For the modified IKE_AUTH response, the octets to be signed > start with the first octet of the previous Authentication payload > sent by the responder and end with the last octet of that payload." > > > Keith Welter > IBM z/OS Communications Server Developer > 1-415-545-2694 (T/L: 473-2694)_______________________________________________ > IPsec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
