[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ipsec] FW: Remaining issues for IKEv2

To: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Subject: Re: [Ipsec] FW: Remaining issues for IKEv2
From: Stephen Kent <kent@bbn.com>
Date: Thu, 20 May 2004 10:18:50 -0400
Cc: Tero Kivinen <kivinen@iki.fi>, ipsec@ietf.org
In-reply-to: <p06100585bcd125bb179f@[10.20.30.249]>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: IP Security <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <F5F4EC6358916448A81370AF56F211A502B2F688@RED-MSG-51.redmond.corp.microsof t.com> <20040511180439.GE8839@thunk.org><p06100584bccc5e3ebaf5@[10.20.30.249]><16552.44133.542923.965806@fireball.kivinen.iki.fi><p06100553bccffc881204@[10.20.30.249]><16555.5046.667046.853895@fireball.kivinen.iki.fi><p06100585bcd125bb179f@[10.20.30.249]>
Sender: ipsec-admin@ietf.org

At 7:56 AM -0700 5/19/04, Paul Hoffman / VPNC wrote:
>At 10:58 AM +0300 5/19/04, Tero Kivinen wrote:
>>One wierd thing it thas 4.4.1.1 says support for OPAQUE is MUST.
>
>Then that *needs* to be corrected in the next version of the draft.

Support for the selector type in the SPD is trivial, and if we 
mandate support for OPAQUE now, then we're set for later elevation of 
one of these options to SHOULD from MAY, for example.

>
>>So I assume that your vote would be on both on being MAY?
>
>Correct.
>
>>My preferred way would be #3 being SHOULD and #2 being MAY.
>
>That makes some sense too; it's just more adventurous than I would 
>be with this protocol without a lot more support from other vendors.

I agree with Tero that #3 as SHOULD is appropriate. My only concern 
re #3, as Ted noted earlier, is that it imposes an unacceptable 
burden on high speed implementations. Thus, if #3 is SHOULD, then I 
think it would be legitimate for such implementations to not support 
it (consistent with the interpretation of SHOULD).  I would like 
these implementations to support #2 in that case. A statement that an 
implementation SHOULD support either #2 or #3 might be one way of 
expressing this notion.

Steve

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

Follow-Ups:
- Re: [Ipsec] FW: Remaining issues for IKEv2
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

References:
- Re: [Ipsec] FW: Remaining issues for IKEv2
  - From: "Theodore Ts'o" <tytso@MIT.EDU>
- Re: [Ipsec] FW: Remaining issues for IKEv2
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
- Re: [Ipsec] FW: Remaining issues for IKEv2
  - From: Tero Kivinen <kivinen@iki.fi>
- Re: [Ipsec] FW: Remaining issues for IKEv2
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
- Re: [Ipsec] FW: Remaining issues for IKEv2
  - From: Tero Kivinen <kivinen@iki.fi>
- Re: [Ipsec] FW: Remaining issues for IKEv2
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: [Ipsec] Can't beat our software prices!
Next by Date: Re: [Ipsec] FW: Remaining issues for IKEv2
Previous by thread: Re: [Ipsec] FW: Remaining issues for IKEv2
Next by thread: Re: [Ipsec] FW: Remaining issues for IKEv2
Index(es):
- Date
- Thread