On Thu, 26 Oct 2023, Valery Smyslov wrote:
> I also have an off-the-list conversation with Daniel Van Geest, who made some good proposals, which I would also like to include in the draft if the WG agrees.
>
> 1. Specify that auth announcements are included into the SUPPORTED_AUTH_METHODS notification in the order of their preferences for the sender. This doesn't break anything (the receiver is free to ignore the order), but might help it to make the best choice.
> 2. Clarify that peers may send the SUPPORTED_AUTH_METHODS independently of whether it was received (this is not a negotiation). This is what actually the draft says now, just stress this for clarification.
> 3. Specify interaction with RFC 4739 (Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol). In particular, allow sending multiple SUPPORTED_AUTH_METHODS notifications in a message (also add a clarification that if multiple SUPPORTED_AUTH_METHODS notifications are included in a message and the receiver doesn't know why, then all included announcements form a single list).
(speaking as individual)

I'm okay with these changes.

Paul

_______________________________________________
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec
