Hannes Tschofenig writes: > The document does not talk about cryptographic algorithm choices nor > does it talk about IPsec (which would be required for a complete > security implementation). Is that a problem? Not necessarily. It is > rather a matter of scope.
I think cryptographic algorithms depend so much about the hardware and environment that I do not think it is useful to list them here. Also this is mostly meant in environments where devices will know beforehand that they will talk to each other, i.e. the sensor device will know that the server it is connecting to, implements the algorithms it is using, so that is not problem. I.e. the server end is quite often full IKEv2 implementation so it will support much wider range of algorithms and the minimal implementation just might support one algorithm. > I do not necessarily need to see a need to change the style and the > abstract says what the document is trying to accomplish. It might > nevertheless be helpful to note in the abstract that the document talks > about raw public keys as well or, if you believe the main focus is on > shared secrets, then put the shared secret authentication somewhere in > the title. I added changed "describes only shared secret authentication" to "describes mostly ..." in the abstract, and added paragraph in the introduction: The main body of this document describes how to use the shared secret authentication in the IKEv2, as it is easiest to implement. In some cases that is not enough and the Appendix B.2 describes how to use Raw Public keys instead of shared secret authentication. The new version should be available shortly. -- [email protected] _______________________________________________ Lwip mailing list [email protected] https://www.ietf.org/mailman/listinfo/lwip
