Re: [IPsec] IETFLC comments for draft-ietf-ipsecme-ikev2bis-08

Pasi.Eronen@xxxxxxxxx writes:
> Paul Hoffman wrote:
> 
> > >- One of the changes is listed in Section 1.7 twice. I'd suggest
> > >combining
> > >
> > >   In section 1.3.2, changed "The KEi payload SHOULD be included" to
> > >   be "The KEi payload MUST be included".  This also led to changes in
> > >   section 2.18.
> > >
> > >and
> > >
> > >   Section 2.18 requires doing a Diffie-Hellman exchange when rekeying
> > >   the IKE_SA.  In theory, RFC 4306 allowed a policy where the Diffie-
> > >   Hellman exchange was optional, but this was not useful (or
> > >   appropriate) when rekeying the IKE_SA.
> > >
> > >as follows:
> > >
> > >   This document requires doing a Diffie-Hellman exchange when
> > >   rekeying the IKE_SA (and thus requires including the KEi/KEr
> > >   payloads).  In theory, RFC 4306 allowed a policy where the
> > >   Diffie-Hellman exchange was optional (and KEi/KEr payloads could be
> > >   omitted), this was not useful (or appropriate) when rekeying the
> > >   IKE_SA.
> > 
> > Disagree. Where possible, I tried to list the actual sections where
> > changes were made, and your proposed rewording loses the two places.
> > The current text is more explicit than the proposed change.
> 
> Well, this depends on whether you think Section 1.7 should list
> textual changes in the document, or clarification/changes to the
> protocol.
> 
> IMHO, it should be the latter, but I see that currently it's really
> listing the textual changes (even when they clearly don't have any
> impact on the protocol); so perhaps listing these separately is
> consistent with that...

I agree with you that it should be listing actual clarifications and
changes, not just textual changes. For an implementor it does not really
matter which paragraphs were changed; he is interested in what changes he
needs to make to his implementation, and for that the text saying that
Diffie-Hellman is now mandatory when rekeying the IKE SA is much more
important than the fact that this changed text in sections 1.3.2 and
2.18.

I proposed multiple such changes (including the one you pointed out)
in my email
(http://www.ietf.org/mail-archive/web/ipsec/current/msg05766.html) but
Paul didn't want to make those changes
(http://www.ietf.org/mail-archive/web/ipsec/current/msg05769.html). As
nobody else seemed to care, I didn't continue complaining about the
issue.
-- 
kivinen@xxxxxx
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
