Hi all,
Russ Housley has updated his DISCUSS to be the following (Russ see question on point 2 below):
1) I had many, many comments on section 8.3. My comments were longer than the section itself. Given that, I decided to provide replacement text instead of the comments. The basis of most of these changes is alignment with draft-ietf-ipsec-esp-ah-algorithms-01, which has just been forwarded to the IESG by the IPsec WG. Here is my proposed text: [snip]
-> Resolution: I think that the text is fine, I will update the document accordingly
-> Question to Russ - how to handle IKEv1 vs. IKEv2? What would be a reasonable reference here?
IKEv2 is still not final. It should be done in a month or so if you want to have your document blocked on the normative reference.
2) In section 8.4, one of my previous comments was rejected without explanation. I said: "I am uncomfortable with support for IKE being a MAY. It ought to be a SHOULD." While I understand that an Informational document is an inappropriate vehicle to impose this requirement, the deployment benefits can be pointed out.
I believe that the 1st paragraph of section 8.4 needs further explanation. A security association is identified by a triple consisting of a Security Parameter Index (SPI), an IP Destination Address, and a security protocol identifier (either AH or ESP). So, manual key management involves a bit more than inserting the same cryptographic key in communicating peers. This document should not specify how that is done, but it should indicate that it needs to be done.
-> Resolution: I could update the text from MAY to a SHOULD, does the WG feel this is reasonable?
Steve Bellovin and I have been asked to provide text. Working on it ...
Russ
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------