Re: Gen-art review of draft-ietf-ipsecme-ikev2bis-08.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Paul Hoffman wrote:
> At 2:37 PM +0000 3/19/10, Elwyn Davies wrote:
>   
>> Not ready.  The document contains a lot of minor niggles and nits plus a major item that I am not sure the IETF should support:  this is the removal of all mention of mandatory to implement security suites from the document.  I appreciate the difficulty of keeping up to the minute, but it seems to me that this is outweighed by the difficulty of guaranteeing interoperability.  If the security landscape is so unstable, we have a bigger problem perhaps.  Whether this change is acceptable to the IAB, the IESG and the wider IETF is not something I can resolve.
>>
>> . . .
>>
>> Major issues:
>>
>> s3.3.4: The draft states that the list of mandatory to implement suites has been removed due to evolution going too fast.  Is this acceptable?
>>
>>     
>
> draft-ietf-ipsecme-ikev2bis is a revision of RFC 4306, and the paragraph in question about removing the mandatory-to-implement suites is copied directly from RFC 4306. When the original WG published RFC 4306 over four years ago, it decided to split out the suites into what became RFCs 4307 and 4308. draft-ietf-ipsecme-ikev2bis changes nothing here.
>
> Does that clear up your issue, or are you saying that draft-ietf-ipsecme-ikev2bis should reverse the old policy and explicitly pull in the text from RFC 4307 and RFC 4308 into the new document?
>
> --Paul Hoffman, Director
> --VPN Consortium
>
>   
Neither.

The omly mention of mandatory to implement suites is in s3.3.4 where it
appears to imply (to praphrase) that mandatory to mplement has been 
removed because we can't keep up. This can be quite happily be read as
'removed to the bit bucket'. As it stands a naive reader might conclude
that he can't guarantee much at all since there are no pointers to where
the list  has been removed *to*. 

This is the master specification for IKE if I understand correctly.  It
had better say that there MUST always be some mandatory to implement
algorithms, but it is perfectly legitimate to hand of the listing of
those to some other RFC that is less onerous to update.  It would be IMO
a good idea (as is done with all the rafts of updateable lists) to link
to the starting points of the chain of documents that tells an
implementer what are currently the required  protocols by referencing
RFC 4307 and RFC 4308, but again reminding us that there maybe heirs and
successors.

So easy enough to solve.

Regards
Elwyn


_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]