Pasi(_dot_)Eronen(_at_)nokia(_dot_)com writes:
Paul Hoffman wrote:
- One of the changes is listed in Section 1.7 twice. I'd suggest combining
In section 1.3.2, changed "The KEi payload SHOULD be included" to
be "The KEi payload MUST be included". This also led to changes in
section 2.18.
and
Section 2.18 requires doing a Diffie-Hellman exchange when rekeying
the IKE_SA. In theory, RFC 4306 allowed a policy where the Diffie-
Hellman exchange was optional, but this was not useful (or
appropriate) when rekeying the IKE_SA.
as follows:
This document requires doing a Diffie-Hellman exchange when
rekeying the IKE_SA (and thus requires including the KEi/KEr
payloads). In theory, RFC 4306 allowed a policy where the
Diffie-Hellman exchange was optional (and KEi/KEr payloads could be
omitted), this was not useful (or appropriate) when rekeying the
IKE_SA.
Disagree. Where possible, I tried to list the actual sections where
changes were made, and your proposed rewording loses the two places.
The current text is more explicit than the proposed change.
Well, this depends on whether you think Section 1.7 should list
textual changes in the document, or clarification/changes to the
protocol.
IMHO, it should be the latter, but I see that currently it's really
listing the textual changes (even when they clearly don't have any
impact on the protocol); so perhaps listing these separately is
consistent with that...
I agree with you that it should be listing actual clarifications and
changes, not just textual changes. For an implementor it does not really
matter which paragraphs were changed; he is interested in what changes he
needs to make to his implementation, and for that the text saying that
Diffie-Hellman is now mandatory when rekeying the IKE SA is much more
important than the fact that this changed the text in sections 1.3.2 and
2.18.
I proposed multiple such changes (including the one you pointed out)
in my email
(http://www.ietf.org/mail-archive/web/ipsec/current/msg05766.html) but
Paul didn't want to make those changes
(http://www.ietf.org/mail-archive/web/ipsec/current/msg05769.html). As
nobody else seemed to care, I didn't continue complaining about the
issue.
--
kivinen(_at_)iki(_dot_)fi