
update to draft-richardson-ipsec-opportunistic.txt



-----BEGIN PGP SIGNED MESSAGE-----


A new draft is at:
   http://www.sandelman.ottawa.on.ca/SSW/freeswan/oeid/

ID secretary, please publish the version with change bars:
    draft-richardson-ipsec-opportunistic-03-change.txt	

Thank you.

There is a version without change bars:
    draft-richardson-ipsec-opportunistic-03.txt

HTML:
    draft-richardson-ipsec-opportunistic.html

ChangeLog:

4.2  the forward reference to section 6.2 has been made more obvious.

Section 5.6: "Interactions with COPS" has been removed.

Section 5.7.1, phase 1 IDs, exception clarified.

Section 6.2, use of TXT record, the following paragraph has been added to
deal with key rollover:

	If there is more than one such TXT record with strongest (lowest
	numbered) precedence, one Security Gateway is picked arbitrarily from
	those specified in the strongest-preference records. All keys for
	that all listed Security Gateways are made available as candidates
	for signature checking. This mechanism is required to permit rollover
	of signature keys in a seamless fashion. 

Section 6.2.1 has been rewritten to include a note on the KEY record, on
possible future use of the CERT record.

A section has been added as section 10, "Renewal and Teardown".
It has subsequently been moved to between: "Detailed description of process",
and "Impacts on IKE".

A section "Failure modes" was completed.

A section "Multihoming" has been expanded.

added lifetime/lifespan definitions.
moved example from 5B to 5C.
added reference to phase 1 IDs to 5D.
cleared up text in aging section.
added text about delegation of DNSSEC activity to a DNS server.
spelt out DH group names.
added text about ignoring TXT records unless DNSSEC is deployed (somerfeld)
added example of TXT delegation using FQDN.
clarified some text in NAT interaction section.
clarified absence of TXT record need for host implementation

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys

iQCVAwUBO+tilIqHRg3pndX9AQFddwQAuhTJWap4yJN4/OfoYntqeL3daLJ1eNdD
XmcUWY/gO+AIE2PO1Ys9zJMZlUOKH3j1Hs5NTKeh8Xs6+/VTAnJ1USVEvcAm+lIX
KNhFxDCCVGruCuUWoyvCqPdK2VFfKdbA4tFz77gcrE7t+pm8YQ2o7H/hFrQMbHT7
UJyQn6M2DtQ=
=j1Zz
-----END PGP SIGNATURE-----