Hi all,
The 2nd issue is about key management. Steve Bellovin also raised
this point with the draft.
Russ says:
In section 8.4, one of my previous comments was rejected without
explanation. I said: "I am uncomfortable with support for IKE being
a MAY. It ought to be a SHOULD." While I understand that an
Informational document is an inappropriate vehicle to impose this
requirement, the deployment benefits can be pointed out.
My proposed text is:
8.4 Key Management Methods
An implementation MUST support the manual configuration of the security key
and
SPI. The SPI configuration is needed in orderto delineate between multiple
keys.
Key management SHOULD be supported. Examples of key management systems
include IKEv1 [RFC-2407] [RFC-2408] [RFC-2409], IKEv2 [IKEv2] and Kerberos;
S/MIME and TLS include key management functions.
Where key refresh, anti-replay features of AH and ESP, or on-demand creation
of Security Associations (SAs) is required, automated keying MUST be
supported.
Key management methods for multicast traffic are also being worked on by the
MSEC WG.
I still need to get an OK from Russ, if the text is accurate & meets his concerns.
However, I need to get input from the WG if this is OK as well.
thanks,
John
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
