Hi all, The 2nd issue is about key management. Steve Bellovin also raised this point with the draft.
Russ says: In section 8.4, one of my previous comments was rejected without explanation. I said: "I am uncomfortable with support for IKE being a MAY. It ought to be a SHOULD." While I understand that an Informational document is an inappropriate vehicle to impose this requirement, the deployment benefits can be pointed out. My proposed text is: 8.4 Key Management Methods An implementation MUST support the manual configuration of the security key and SPI. The SPI configuration is needed in orderto delineate between multiple keys. Key management SHOULD be supported. Examples of key management systems include IKEv1 [RFC-2407] [RFC-2408] [RFC-2409], IKEv2 [IKEv2] and Kerberos; S/MIME and TLS include key management functions. Where key refresh, anti-replay features of AH and ESP, or on-demand creation of Security Associations (SAs) is required, automated keying MUST be supported. Key management methods for multicast traffic are also being worked on by the MSEC WG. I still need to get an OK from Russ, if the text is accurate & meets his concerns. However, I need to get input from the WG if this is OK as well. thanks, John -------------------------------------------------------------------- IETF IPv6 working group mailing list [EMAIL PROTECTED] Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------