That would certainly be a more implementable suggestion, if the WG is OK with the idea
that the IKE SAs not being protected. It would make like living with an HSM easier to deal with,
while making the process of deciding which PPK to use simpler. We may end up including a simple
notification scheme (to help with a brownfield scenario, where the peer may or may not be upgraded
to use PPK yet), but we might also decide to omit that as well.
So, is the protection of the IKE SA important? I would personally vote that it is,
but if the WG decides otherwise, then this is clearly a better proposal.
I think that the protection of IKE SA is important. This would preserve IKEv2
security properties (like protecting identities against passive attacker)
and would allow to re-use the solution in G-IKEv2 and other IKEv2 derivations
that do transfer sensitive information within IKE SA.
Otherwise we'll end up with a solution that is very limited to use while still
sustantially modifying the IKEv2 (for example core crypto calculations
must be changed in any case).
Regards,
Valery.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
