Hi all

Yesterday, the IESG started last call on three documents:
- draft-harkins-ipsecme-spsk-auth-03
- draft-shin-augmented-pake-03
- draft-kuegler-ipsecme-pace-ikev2-05

All three seek to improve the authentication in IKEv2 when using pre-shared 
keys, as compared with RFC 5996. The IPsecME working group was unable to choose 
between them, but I don't think this attempt to throw this decision at the IESG 
is going to help much. 

Specifically, I don't think that publishing all three is a positive outcome for 

<poor developer hat on>
Moreover, I don't think there's a way for the poor developer to support all 
four methods, and interoperate with implementations that support just one, 
without wasting some round-trips on testing whether the peer supports one 
implementation or the other. 

If they at least all had something like a notification that says that the 
initiator supports *this* method in the Initial exchange, and the responder 
could reply with just one, it would be somewhat better, but still it's a bad 
outcome for the IETF process.
</poor developer hat on>


IPsec mailing list
