I think this document is in very good shape, and almost ready.

The two areas where I think some more discussion may be needed are interoperability between IoT and "real" VPNs, and the migration to the RFC 7427 Digital Signature solution. See detailed comments below.

1.2: "an algorithm will be set to MAY", replace by "an algorithm will be denoted here as MAY".

1.2, last paragraph: I suggest clarifying what we mean by interop with IoT, so that we do not fragment IKEv2 between the IoT and non-IoT worlds. Something like: "Requirement levels that are marked as 'IoT' apply to IoT devices and to server-side implementations that might presumably need to interoperate with them, including any general-purpose VPN gateways." Maybe we should clarify it more by defining an IoT Context and adding separate lines to some of the tables for IoT vs. non-IoT Context.

3.3: AUTH_DES_MAC - the last sentence doesn't apply to it, so the paragraph needs to be rearranged.

4.1: have we considered making "Digital Signature" (#14) a SHOULD+ instead of a SHOULD?

4.2: aren't we trying to move the world to the generic "Digital Signature", even if they're still using old certs? If we are, then (gasp) PKCS1 v1.5 needs to be SHOULD. And the table should mention sha256WithRSAEncryption.


On 04/08/2016 09:09 PM, Paul Hoffman wrote:
Greetings. As discussed on the list for the past few weeks, and in the
face-to-face meeting in Buenos Aires (which, for many of us, seems to
translate to "too much beef"), draft-ietf-ipsecme-rfc4307bis is ready
for WG Last Call. We would like everyone to review it carefully, given
that there have been some significant changes over the past few months.

This WG Last Call will end on April 22. It would be grand if everyone on
this list would read the draft as if it was brand new and respond on the
list with any problems, any questions, or even just "it is ready to
progress as-is". Extra points are given for reviewers who don't wait
until the last minute.

--Paul Hoffman and Dave Waltermire

IPsec mailing list
