>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
Nicolas> - Section 5.3 limits the IDs that can be used with KINK
Nicolas> to address/subnet/address range IDs. I think this is too
Nicolas> limited, it seems likely to make KINK very difficult to
Nicolas> use.
Nicolas> I'd rather that a new ID type be defined that
Nicolas> corresponds to Kerberos V principal names and/or that
Nicolas> ID_FQDN and ID_RFC822_ADDR be allowed and a simple
Nicolas> algorithm be recommended for matching principals and such
Nicolas> IDs.
Nico, these are phase 2 IDs. I.E. they describe the SA, not the
parties involved.
I'm afraid you are living in an IKEV2 world where terminology makes
sense.
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf