Hello Valery,
I have never looked at IKE. I have implemented TLS 1.2 (http://www.squeaksource.com/Cryptography/SSL-CDavidShaffer.19.mcz) and SSH (http://www.squeaksource.com/Cryptography/SSH-rww.12.mcz), but they are both currently broken for some reason. It has been a number of years since I revisited them, and now I am thinking of porting them to the ThunkStack design of ParrotTalk. I would need a new ReceivingFrameBuff for them as ParrotTalks frames are different than either of those protocols. And of course a specific SessionOperations managing the state machine and message processing of each protocol. As I have said I am an implementation guy, as I think the code documents itself and test cases document the usage of the protocol. I really like to see them running in Squeak, but decided to shoot for interoperability with Java. Long ago Squeak Community decided correctly to use OpenSSL, as it is tested, approved and accepted.
Best,
Robert
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, November 21, 2018 11:08 AM, Valery Smyslov <smyslov.ietf@xxxxxxxxx> wrote:
Hi,
I will try to give my opinion why this protocol is superior. It is a minimal protocol to establish an encrypted connection. I view it as a positive that it does not use Certificates, you just need public and private keys for each agent.
This is possible to do with TLS as well, using RFC 7250.
IKEv2 also supports raw public keys (RFC7670). And it can be profiled to extremely
simple protocol, maintaining interoperability with full-featured spec (see RFC7815).
Regards,
Valery Smyslov.
