Re: IKEV2: Issue #4 Revised Identity

[Eric Rescorla <ekr@rtfm.com>]

"Theodore Ts'o" <tytso@mit.edu> writes:
> Hence, our sumary of the discussion on this issue pointed out what we
> believe are the alternatives facing the working group:
> 
> #1) adopting text from the revised-idendity I-D and including it into
> 	the ikev2 I-D
> 
> #2) adopting text from the pki-profile I-D and including it into ikev2 I-D

Regrettably, I don't think that either of these possibilities is
ready for prime time. Although the I-Ds have been out there for
a while, neither has seen much review and I'm not convinced that
either is finished enough to go to WG last call at this time.

If you're a pki-profile guy (which I clearly am), then the obvious
thing to do is go ahead with IKEv2 as is and then publish the
pki-profile document ASAP (where ASAP is "as soon as the WG
really reviews it"). Since it's just a clarification/profile
for IKE, this shouldn't be a problem.

The other alternative, of course, is to actually let the IKE
authors merge one of the proposals into IKE and then 
give it some time to be reviewed, but this blows your deadline.

-Ekr


-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/