
Re: update to draft-richardson-ipsec-opportunistic.txt



Michael Richardson wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> A new draft is at:
>    http://www.sandelman.ottawa.on.ca/SSW/freeswan/oeid/
> 
> ID secretary, please publish the version with change bars:
>     draft-richardson-ipsec-opportunistic-03-change.txt
> 
> Thank you.
> 
> There is a version without change bars:
>     draft-richardson-ipsec-opportunistic-03.txt
> 
> HTML:
>     draft-richardson-ipsec-opportunistic.html
> 
> ChangeLog:
> 
> 4.2  the forward reference to section 6.2 has been made more obvious.
> 
> Section 5.6: "Interactions with COPS" has been removed.
> 
> Section 5.7.1, phase 1 IDs, exception clarified.
> 
> Section 6.2, use of TXT record, the following paragraph has been added to
> deal with key rollover:
> 
>         If there is more than one such TXT record with strongest (lowest
>         numbered) precedence, one Security Gateway is picked arbitrarily from
>         those specified in the strongest-preference records. All keys for
>         all listed Security Gateways are made available as candidates
>         for signature checking. This mechanism is required to permit rollover
>         of signature keys in a seamless fashion.
> 
> Section 6.2.1 has been rewritten to include a note on the KEY record, on
> possible future use of the CERT record.
> 
> A section has been added as section 10, "Renewal and Teardown".
> It has subsequently been moved to between: "Detailed description of process",
> and "Impacts on IKE".
> 
> A section "Failure modes" was completed.
> 
> A section "Multihoming" has been expanded.
> 
> added lifetime/lifespan definitions.
> moved example from 5B to 5C.
> added reference to phase 1 IDs to 5D.
> cleared up text in aging section.
> added text about delegation of DNSSEC activity to a DNS server.
> spelt out DH group names.
> added text about ignoring TXT records unless DNSSEC is deployed (somerfeld)
> added example of TXT delegation using FQDN.
> clarified some text in NAT interaction section.
> clarified absence of TXT record need for host implementation
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: latin1
> Comment: Finger me for keys
> 
> -----END PGP SIGNATURE-----