[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Final editing changes to IKEv2

To: ipsec@lists.tislabs.com
Subject: Final editing changes to IKEv2
From: "Theodore Ts'o" <tytso@mit.edu>
Date: Tue, 16 Mar 2004 12:54:27 -0500
Phone: (781) 391-3464
Sender: owner-ipsec@lists.tislabs.com


The following represent the final changes that we believe the IPSEC
working group has developed a consensus to make to IKEv2.  If anyone
has any problems to these set of changes, please make them known within
48 hours.  Otherwise, they will represent editing instructions to the
IKEv2 document editor before we submit this document to the Area
Director for IETF Last Call.

1. Make the changes to IKEv2 cryptographic change which were proposed by
   Hugo, and which were signed off by CFRG:

   https://www1.ietf.org/mail-archive/working-groups/cfrg/current/msg00366.html

2. Add an additional round trip when utilizing  EAP to avoid the
   ambiguity of what "after having sufficient information to compute the
   key" might mean.  This is commonly done in most other applications
   that utilize EAP.

    http://www.vpnc.org/ietf-ipsec/mail-archive/msg02719.html

3.  Add a notify message which specifies whether or not TFC padding is 
	done in ESPv2.   

    http://www.vpnc.org/ietf-ipsec/mail-archive/msg02695.html

	A suggestion has has been made for efficiency's sake that sense
	of the proposal made in the above URL be reversed, since the
	expectation is that normally the RFC padding will be supported:
                                                                               
     ESP_TFC_PADDING_NOT_SUPPORTED                   16394
                                                                               
            This notification asserts that the sending endpoint will NOT
            accept packets that contain Flow Confidetiality (TFC)
            padding.

4.  Clarification about encoding the icmp type/code (bit-packing issue) from
    Charlie Lynn

        http://www.vpnc.org/ietf-ipsec/mail-archive/msg02701.html
                                                                               
5. Make the reference to UDP encaps I-D be normative, and change
   reference to the NAT Requirements I-D be informative.

   http://www.vpnc.org/ietf-ipsec/mail-archive/msg02607.html

6.  Incorporate the list and description of the IANA registries found in
    draft-ietf-ipsec-ikev2-iana-01.txt into IANA Considerations section
    of the IKEv2 I-D.  In adddition, include as the allocation rules for
    all of the IKEv2 registries the policy "Expert Review" required, as
    defined in RFC2434.  The actual initial contents of the registries
    themselves will *not* be included in IANA considerations section.
    Those will be provided to the IANA via the draft-ietf-ipsec-ikev2-iana I-D.
                 
7.  Update copyright statement and IPR statements per new texts found in RFC
    3667-3669


					Ted and Barbara

Follow-Ups:
- Re: Final editing changes to IKEv2
  - From: Yoav Nir <ynir@checkpoint.com>

Prev by Date: CFRG Recommendation: IKEv2 Key Derivation
Next by Date: Remaining open issues for RFC-2401bis
Previous by thread: CFRG Recommendation: IKEv2 Key Derivation
Next by thread: Re: Final editing changes to IKEv2
Index(es):
- Date
- Thread