
draft-ietf-ipsec-ikev2-07.txt







I just submitted draft-ietf-ipsec-ikev2-07.txt to the I-D editor, copying
Paul Hoffman in hopes he will post it on his web site more quickly than the
I-D editor can turn it around. I believe I reflected the changes called
for in Ted's instructions. There are a couple of issues that I wasn't quite
sure how to resolve, and didn't want to hold things up waiting:

1) NAT Traversal. While I had intended that this document obsolete the
previous NAT Traversal RFCs and proposals, I can see from some comments
from Tero that I didn't. He proposed some text that would have made a
normative reference to an I-D, which seemed wrong. The current draft does
not address having an endpoint finding itself behind a NAT adjusting the
rate at which it sends keepalives to keep the address/port mapping active,
nor does it address the mechanisms for coping with addresses and ports
dynamically changing (which can happen with NATs and with IP Mobility). The
current spec does not prohibit such mechanisms, but it doesn't specify them
either. My inclination is to leave that for a subsequent effort, possibly
to be folded into a future revision when it stabilizes.

2) I wasn't quite sure what to do with this one:

6.  Remove language about required cryptographic algorithms.  This
    question of which algorithms are mandatory to implement is to be
    deferred to another specification, which Jeff Schiller is authoring.

Based on the discussion on the list, I got the impression that I was
supposed to leave the tables of assigned codes for the algorithms, but
remove specification of which are mandatory. But I thought I had done that
in -06. I'm going to need more specific instructions on what to take out.
Seeing the companion specification might help.

There were lots of small wording changes proposed on the list (and evoking
no comments) that I included, but some that I did not. I still intend to
respond on the list with an explanation of why I didn't think the proposed
change would work, but I haven't yet. There are undoubtedly other proposed
changes that I either missed or didn't know how to handle. Please repost
them, since at this late date I don't feel free to incorporate much more
than spelling errors without consensus on the list.

      --Charlie