RE: [IPsec] Last Call: <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> (Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard


 



Hi Yoav,

Yes, that's what I meant; your suggestion is fine with me.  To be honest, I wasn't sure whether this was a "substantive comment" or not, but the question was raised to me by a colleague and I thought that I should pass it on.  Apologies if my comment was too brief (and for the late follow-up).

Tony

-----Original Message-----
From: Yoav Nir [mailto:ynir.ietf@xxxxxxxxx]
Sent: Thursday, April 17, 2014 6:42 PM
To: PUTMAN, Tony (Tony)
Cc: ietf@xxxxxxxx; ipsec@xxxxxxxx
Subject: Re: [IPsec] Last Call: <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> (Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard

Hi, Tony

Thanks for the review.

I assume you mean that you don’t sign with public keys. Replacing “sign” with “validate” makes for a strange sentence, because the sentence is about sending (and presumably signing) rather than receiving (and validating).

How about:
“If multiple certificates are sent, the first MUST contain the public key associated with the private key used to sign the AUTH payload”

Yoav


On Apr 17, 2014, at 8:23 PM, PUTMAN, Tony (Tony) <tony.putman@xxxxxxxxxxxxxxxxxx> wrote:

> All,
>
> In section 3.6 (top of page 94), there is the statement,
>  "If multiple certificates
>   are sent, the first certificate MUST contain the public key used to
>   sign the AUTH payload."
>
> "sign" should be "validate".
>
> Regards,
> Tony
> --
> Tony Putman
> Alcatel-Lucent Technologies
>
> -----Original Message-----
> From: IPsec [mailto:ipsec-bounces@xxxxxxxx] On Behalf Of The IESG
> Sent: Friday, April 04, 2014 9:28 PM
> To: IETF-Announce
> Cc: ipsec@xxxxxxxx
> Subject: [IPsec] Last Call: <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> (Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard
>
>
> The IESG has received a request from the IP Security Maintenance and
> Extensions WG (ipsecme) to consider the following document:
> - 'Internet Key Exchange Protocol Version 2 (IKEv2)'
>  <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> as Internet Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@xxxxxxxx mailing lists by 2014-04-18. Exceptionally, comments may be
> sent to iesg@xxxxxxxx instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
>
> Abstract
>
>
>   This document describes version 2 of the Internet Key Exchange (IKE)
>   protocol.  IKE is a component of IPsec used for performing mutual
>   authentication and establishing and maintaining Security Associations
>   (SAs).  This document replaces and updates RFC 5996, and includes all
>   of the errata for it, and it is intended to update IKEv2 to be
>   Internet Standard.
>
>
>
>
> The file can be obtained via
> http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/
>
> IESG discussion can be tracked via
> http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/ballot/
>
>
> No IPR declarations have been submitted directly on this I-D.
>
>
> _______________________________________________
> IPsec mailing list
> IPsec@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ipsec





