Pekka Savola wrote:
On Fri, 13 Aug 2004 [EMAIL PROTECTED] wrote:
The problem is, how to pick between IKEv1 or IKEv2? There is no guidence
anywhere on this.
True, that could cause an interoperability issue. But this is what
the security ADs should be giving guidance on :).
However, discussing this point with Russ, his intention was more about
Key Management, not specifically IKEv1 or IKEv2, hence my text.
What was the context of that discussion? Was it key management for
*IPsec* or key management in general.
If the former, I don't think the current text captures this clearly,
as it mentions stuff like Kerberos, TLS and S/MIME. If in general,
then it's probably fine.
I would strongly advise not making this document logically dependent
on the IETF giving unambiguous guidance on key management in general
or on IKE versions in particular. If we did so, we'd never get the
thing published. So IMHO we have no alternative to the "general"
context.
Brian
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
