Hi,

I've submitted a new version of the draft-smyslov-ipsecme-ikev2-aux. Major 
changes:

1. The exchange is renamed from IKE_AUX to INTERMEDIATE (thanks Tommy!).
     I believe this name reflects its purpose, it's easy to pronounce and hard
     to mix with existing exchanges.
2. The way the exchange is authenticated in IKE_AUTH is changed to include
     full transcript from both parties (thanks to Scott for suggesting this).
3. The order of the chunks that are input to prf is changed, as well as the
     position of the prf outputs in the signing blobs. These changes were
     motivated by implementation experience - they make implementing
     the exchanges a bit easier. I believe they don't influence security.
4. Some clarifications are added.

Comments are more than welcome :-)

Regards,
Valery.


> A new version of I-D, draft-smyslov-ipsecme-ikev2-aux-02.txt
> has been successfully submitted by Valery Smyslov and posted to the
> IETF repository.
> 
> Name:         draft-smyslov-ipsecme-ikev2-aux
> Revision:     02
> Title:                Intermediate Exchange in the IKEv2 Protocol
> Document date:        2018-12-03
> Group:                Individual Submission
> Pages:                10
> URL:            https://www.ietf.org/internet-drafts/draft-smyslov-ipsecme-ikev2-aux-02.txt
> Status:         https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-ikev2-aux/
> Htmlized:       https://tools.ietf.org/html/draft-smyslov-ipsecme-ikev2-aux-02
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-smyslov-ipsecme-ikev2-aux
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-smyslov-ipsecme-ikev2-aux-02
> 
> Abstract:
>    This document defines a new exchange, called Intermediate Exchange,
>    for the Internet Key Exchange protocol Version 2 (IKEv2).  This
>    exchange can be used for transferring large amount of data in the
>    process of IKEv2 Security Association (SA) establishment.
>    Introducing Intermediate Exchange allows re-using existing IKE
>    Fragmentation mechanism, that helps to avoid IP fragmentation of
>    large IKE messages, but cannot be used in the initial IKEv2 exchange.
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
