
draft-ietf-ipsec-ikev2-iana-01.txt



-----BEGIN PGP SIGNED MESSAGE-----


I have updated draft-ietf-ipsec-ikev2-iana-01.txt 
  (available at: http://www.sandelman.ca/SSW/ietf/ipsec/ikev2/ until ID
editor gets to it)

to include comments so far. The chairs asked that I include the IANA 
Considerations from RFC2409, since IKEv2 itself has none. RFC2409
is pretty tight/restricted in its assignments. It predates 2434, so
it doesn't use that terminology, so I've translated, I hope.

** Note the issue of merging:
** a)  IKEv2 Proposal Substructure Protocol-IDs 
** and
** b)  IKEv2 Security Protocol Identifiers 
** is still open, and unremarked upon. 
** They differ only in that b = a + 1.

  

RFC2409 says:
11.1 Attribute Classes		- Standards Track
11.2 Encryption Algorithm Class - IETF Consensus/Specification Required.
11.3 Hash Algorithm		- IETF Consensus, with extra notes.
11.4 Group Description and Group Type - Specification Required
11.5 Life Type	       - "Specification Required". sort of.

I've been a little less cautious, which is why I'm posting.
This is the result of some years of discussion, and some years of experience
implementing "new things". Thus it is based upon my feelings about
where we should let vendors innovate in isolation, and where they really
need to come clean. 

Also, in some cases the requirements are low because the space available is
rather large; in other cases, I can't see very many things being done.
In the case of CFG attribute types, I initially thought,
First-Come-First-Served, and then I remembered the PPP world of MS-* options
vs standard ones. Some coordination is required.

  IKEv2 Exchange types may be created by Standards Action.
  IKEv2 Payload Types may be allocated by Specification Required.
  IKEv2 Transform Types may be allocated by Specification Required. 
  IKEv2 Proposal Substructure Protocol-IDs may be allocated by Standards Action.
  IKEv2 Transform Attribute Types may be allocated by Specification Required.
  IKEv2 Encryption Transform IDs may be allocated by expert review.
	The initial expert reviewer is REVIEW.
  IKEv2 Pseudo-random Transform IDs may be allocated by expert review.
	The initial expert reviewer is REVIEW. 
  IKEv2 Integrity Algorithm Transform IDs may be allocated by expert review.
	The initial expert reviewer is REVIEW.
  IKEv2 Diffie-Hellman, ECP and EC2N Transform IDs may be allocated by Spec Required. 
  IKEv2 Extended Sequence Numbers Transform IDs may be allocated by IETF Consensus.
  IKEv2 Payload ID Types may be allocated by Specification Required.
  IKEv2 Identification Payload ID Types may be allocated by Specification Required.
  IKEv2 Certificate Encodings may be allocated by Specification Required.
  IKEv2 Authentication Method may be allocated by Specification Required.
  IKEv2 Notification Payload Types may be allocated by First Come-First Served.
  IKEv2 Notification IPCOMP Transform IDs may be allocated by expert review.
	The initial expert reviewer is REVIEW.
  IKEv2 Security Protocol Identifiers may be allocated by Standards Action.
  IKEv2 Traffic Selector Types may be allocated by Specification Required.
  IKEv2 Configuration Payload CFG Types may be allocated by Specification Required.
  IKEv2 Configuration Payload Attribute Types may be allocated by Specification Required.

At a previous time, kivinen@ssh.fi was proposed for "REVIEW", and was
generally acceptable to many. I do not know if Kivinen is still able to
perform this function.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

-----END PGP SIGNATURE-----