Re: update to draft-richardson-ipsec-opportunistic.txt
Michael Richardson wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> A new draft is at:
> http://www.sandelman.ottawa.on.ca/SSW/freeswan/oeid/
>
> ID secretary, please publish the version with change bars:
> draft-richardson-ipsec-opportunistic-03-change.txt
>
> Thank you.
>
> there is a version without change bars:
> draft-richardson-ipsec-opportunistic-03.txt
>
> HTML:
> draft-richardson-ipsec-opportunistic.html
>
> ChangeLog:
>
> 4.2 the forward reference to section 6.2 has been made more obvious.
>
> Section 5.6: "Interactions with COPS" has been removed.
>
> Section 5.7.1, phase 1 IDs, exception clarified.
>
> Section 6.2, use of TXT record, the following paragraph has been added to
> deal with key rollover:
>
> If there is more than one such TXT record with strongest (lowest
> numbered) precedence, one Security Gateway is picked arbitrarily from
> those specified in the strongest-preference records. All keys for
> that all listed Security Gateways are made available as candidates
> for signature checking. This mechanism is required to permit rollover
> of signature keys in a seamless fashion.
>
> Section 6.2.1 has been rewritten to include a note on the KEY record, on
> possible future use of the CERT record.
>
> A section has been added as section 10, "Renewal and Teardown".
> It has subsequently been moved to between: "Detailed description of process",
> and "Impacts on IKE".
>
> A section "Failure modes" was completed.
>
> A section "Multihoming" has been expanded.
>
> added lifetime/lifespan definitions.
> moved example from 5B to 5C.
> added reference to phase 1 IDs to 5D.
> cleared up text in aging section.
> added text about delegation of DNSSEC activity to a DNS server.
> spelt out DH group names.
> added text about ignoring TXT records unless DNSSEC is deployed (somerfeld)
> added example of TXT delegation using FQDN.
> clarified some text in NAT interaction section.
> clarified absence of TXT record need for host implementation
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: latin1
> Comment: Finger me for keys
>
> -----END PGP SIGNATURE-----