[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Adding revised identities to IKEv2
Paul,
>> I think we do a disservice to clients if we just through up our
>>hands and say it's too hard.
>
>If you are talking about IKEv2, I fully agree. If you are talking
>about IKEv1, I would disagree because many vendors have in good
>faith tried to interpret what little we have given them and come up
>with radically different answers. It would be wrong for us to, at
>this late date, say that some implementations are non-conformant.
Agreed. We need to distinguish between what people did previously
given the lack of guidance, and what we would like to do going
forward.
>
>> As a nominal co-author for IKEv2, I will try to focus on that part
>>of the doc, which I have not done previously, and work to
>>coordinate it with the PKI profile, to make sure we remove the
>>ambiguities. OK?
>
>Absolutely! Obviously, I would like to help. After Brian and Eric's
>draft gets a bit of discussion on the list (ahem), I think we would
>be in a good place to set down a small number of MUSTs that everyone
>can understand.
OK