On Mon, 7 May 2012, Stephen Farrell wrote:
The draft is for TLS, but it occurs to me to ponder.. would a
similar approach work for IPsec IKEv2 as an alternative to
verify endpoints?
IPsec is in the WG charter, [1] but there's been zero energy
for that so far. I believe the chairs plan to poll the WG
about that kind of thing once the current spec is out the
door. So, if you're interested in that, sign up to the WG
list.
Related to these are RFC-4025 and draft-kivinen-ipsecme-oob-pubkey,
and I do think there is a need to update the RFC to allow for the
new raw pubkeys in IPsec using SPKI and wrap it up in a DANE-like
specification document, and would be willing to help.
Paul