Hi Yoav,

Yes, that's what I meant; your suggestion is fine with me. To be honest, I wasn't sure whether this was a "substantive comment" or not, but the question was raised to me by a colleague and I thought that I should pass it on. Apologies if my comment was too brief (and for the late follow-up).

Tony

-----Original Message-----
From: Yoav Nir [mailto:ynir.ietf@xxxxxxxxx]
Sent: Thursday, April 17, 2014 6:42 PM
To: PUTMAN, Tony (Tony)
Cc: ietf@xxxxxxxx; ipsec@xxxxxxxx
Subject: Re: [IPsec] Last Call: <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> (Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard

Hi, Tony

Thanks for the review.

I assume you mean that you don’t sign with public keys. Replacing “sign” with “validate” makes for a strange sentence, because the sentence is about sending (and presumably signing) rather than receiving (and validating).

How about: “If multiple certificates are sent, the first MUST contain the public key associated with the private key used to sign the AUTH payload”

Yoav

On Apr 17, 2014, at 8:23 PM, PUTMAN, Tony (Tony) <tony.putman@xxxxxxxxxxxxxxxxxx> wrote:

> All,
>
> In section 3.6 (top of page 94), there is the statement,
> "If multiple certificates
> are sent, the first certificate MUST contain the public key used to
> sign the AUTH payload."
>
> "sign" should be "validate".
>
> Regards,
> Tony
> --
> Tony Putman
> Alcatel-Lucent Technologies
>
> -----Original Message-----
> From: IPsec [mailto:ipsec-bounces@xxxxxxxx] On Behalf Of The IESG
> Sent: Friday, April 04, 2014 9:28 PM
> To: IETF-Announce
> Cc: ipsec@xxxxxxxx
> Subject: [IPsec] Last Call: <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> (Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard
>
>
> The IESG has received a request from the IP Security Maintenance and
> Extensions WG (ipsecme) to consider the following document:
> - 'Internet Key Exchange Protocol Version 2 (IKEv2)'
> <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> as Internet Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@xxxxxxxx mailing lists by 2014-04-18. Exceptionally, comments may be
> sent to iesg@xxxxxxxx instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
>
> Abstract
>
>
> This document describes version 2 of the Internet Key Exchange (IKE)
> protocol. IKE is a component of IPsec used for performing mutual
> authentication and establishing and maintaining Security Associations
> (SAs). This document replaces and updates RFC 5996, and includes all
> of the errata for it, and it is intended to update IKEv2 to be
> Internet Standard.
>
>
>
>
> The file can be obtained via
> http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/
>
> IESG discussion can be tracked via
> http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/ballot/
>
>
> No IPR declarations have been submitted directly on this I-D.
>
>
> _______________________________________________
> IPsec mailing list
> IPsec@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ipsec
>
> _______________________________________________
> IPsec mailing list
> IPsec@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ipsec