RE: IKEv2 and IANA registry



It sounds like the draft-ietf-ipsec-ikev2-iana needs to be updated.

At 11:47 AM -0700 4/7/04, Charlie Kaufman wrote:
>2) For pseudo-random transform type 2, the ikev2-13 document defines
>
>	AUTH_AES_XCBC_96     5
>
>I don't know the story here; perhaps this algorithm was added late, or
>perhaps it should be removed as an inappropriate PRF.

It should instead say "AES-XCBC-PRF-128" and reference RFC 3664.

>3) For Extended Sequence Numbers Transform Type 5, (0=NO; 1=YES), the
>iana document lists values 2-65535 as reserved to IANA (thus creating a
>registry). In the ikev2-13, they are RESERVED (avoiding the need for a
>registry). I believe no registry is needed; I doubt any expert would
>approve creation of a new value for a Boolean.

Fully agree.

>4) For Identification Payload ID types, the iana document says the
>values 12-255 are reserved to iana. Ikev2-13 says 12-200 are reserved to
>iana and 201-255 are for private use.

It would be very good to have private use ID payloads.

>6) For traffic selector types, the iana document says types 9-255 are
>reserved to iana; ikev2-13 says 9-240 are reserved to iana and 241-255
>are for private use.

It would be very good to have private use traffic selectors.

--Paul Hoffman, Director
--VPN Consortium