
Re: IKEv2 allocation policies, etc.



At 9:38 PM -0500 1/30/04, Michael Richardson wrote:
>     VPNC> Are we trying to micro-manage the future with having different
>     VPNC> categories for policies?
>
>   Let's divide what you are saying into two statements:
>
>   1) that we should not have different policies for different tables
>      ("micro-management")
>
>   2) that the single policy should be expert review.
>
>
>   I don't have an opinion on this. If the expert is capable, then there is
>no problem.

The expert is assigned by the IESG. I think we can safely assume that 
if the IESG assigns a lame expert, they'll hear about it quickly 
enough.

>     Theodore> My understanding was that an Expert represented a much higher
>     Theodore> bar, because human is in the loop.  My assumption was that an
>     Theodore> Expert would
>
>   Specification Required involves the RFC-editor, or possibly another
>peer-reviewed journal. I think that this is a much higher bar.

I agree with Ted and disagree with Michael. The RFC Editor is not 
going to be an expert in IPsec, and probably not have a very 
well-attuned garbage detector for bad proposals. The expert should.

>   I don't think that the IETF has a lot of experience with expert review yet.

Fully disagree. It's working fine in many areas. (Full disclosure: 
I'm now the "expert" on charsets (!))

>   And, while the expert may ask to see a specification, (not necessary
>though), the specification may be proprietary, require NDA, specific-national
>security clearance, etc.

At which point they will not get their IANA registration.

>   So, expert review does not, in my opinion, mean that we get any
>specifications to look at. It just avoids silly stuff.

That isn't how it has worked in other parts of the IETF. For 
instance, the IESG might require that the expert have a review team, 
so all proposals are seen by many sets of eyes. (This is the case for 
charsets, which are often more intricate and obscure than IKE 
parameters.)

--Paul Hoffman, Director
--VPN Consortium