OPEN ISSUES WG LAST CALL: draft-ietf-ipsec-ikev2-05.txt




Charlie Kaufman has released the next version of IKEv2
(draft-ietf-ipsec-ikev2-05.txt) and we are slowly but surely getting
closer to completion.  Many thanks to Charlie and those who
contributed text, ideas, and bug fixes to this new version of the
ikev2 I-D.

At the time when Charlie began his revisions to produce the 05 I-D,
there were still a few open issues.  In the meantime, some additional
issues have opened up, including the discussion between Tero, Francis,
and Radia regarding address management and whether IKE v2 adequately
handles NAT traversal (particularly in transport mode).  Furthermore,
ikev2-05 has changed significantly and has much new material to
address various concerns addressed by those on the list, including the
addition of the agreed-upon handling of legacy authentication, more
explicit specifications about when the CERT and CERTREQ packets must
be sent and how they should be handled, the addition of crypto suites,
and so on.

Because of the large amount of changes, and a few remaining open
issues, it is clear that it would be premature to issue a last call on
the ikev2-05 document.  However, in order to continue to make forward
progress, what Barbara and I would like to do is to issue a last call
on open issues and specific proposals for edits to the ikev2
specification.

Specifically, in the next two weeks, we request all members of the IPSEC
working group to carefully read and digest the ikev2 specification, and
make known any issues they may have with the document, complete with
specific changes to the document which they believe would resolve those
issues.  

For example, in the case of the open issue on how to handle
configuration, the choices to the working group are:

	* Keep configuration payload
	* Remove configuration payload and pursue RFC 3456-style configuration
	* Keep configuration payload and allow optional 
		RFC 3456-style configuration

Depending on how the working group decides this issue in San
Francisco, the net effect on the IKE v2 document will ultimately be
whether or not section 3.15 (Configuration payload) is removed, and
whether or not either the ipsec or ipsra working group shall pursue an
update to RFC 3456 to support IKEv2.

So we hereby issue a "last call" for open issues regarding the ikev2
I-D that need to be addressed by this working group.  This last call
will terminate in two weeks, at the commencement of the San Francisco
IETF meeting.  During this last call period, we will be collecting and
summarizing open issues which are brought up, with the goal of
resolving all of these issues either before or at the IPSEC working
group meeting in San Francisco.  After this "issues last call" is
completed, the working group will not entertain any additional new
issues unless they represent a fundamental flaw to the IKEv2 protocol,
and we will be issuing final editing directions to the ikev2 document
editor so that we can finish this specification as soon as possible
after the San Francisco meeting.

					- Ted and Barbara