[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEv2: active user identity protection




In message <3F009E0C.5010109@airespace.com>, "Scott G. Kelly" writes:
>
>I appreciate the desire to contain discussions, but let's be very clear
>about this: this issue was raised as part of last call for IKEv2, and a
>significant number of folks have offered support for the notion that
>this is a significant shortcoming in the current spec. It is
>inappropriate to simply quash the discussion because you don't like the
>idea.
>
>If last call has degenerated to a symbolic gesture which is not intended
>to really flush out final issues, then I guess you are within your
>rights. Otherwise, what is the resolution process when issues such as
>these are raised? I'm not sure what the appropriate procedure is here,
>but this is important. Do we need to take it to the IESG, or can we
>solve it here?

There is, however, a need to avoid resurrecting the same issue over and over;
Tero gave three URLs in the WG list archives that point back to the same topic
(as Hugo raised it, first URL below). Given the lack of much discussion, Russ'
comments (see second URL below, copied from Tero's message), and Ted and
Barbara's decision (third URL) two months ago, it would seem to me that the
issue is closed. I personally agree that active identity protection is
important, but I think this discussion is going around in circles.

I also like Tero's suggestion --- it's not perfect, but it's good enough for
most purposes, and it won't block the IKEv2 document from moving forward.
Cheers,
-Angelos

Hugo's original email:
http://www.vpnc.org/ietf-ipsec/mail-archive/msg03639.html

Area Directors comments:
http://www.vpnc.org/ietf-ipsec/mail-archive/msg03653.html

Working group chairs comments:
http://www.vpnc.org/ietf-ipsec/mail-archive/msg03809.html