
Re: [IPsec] IETFLC comments for draft-ietf-ipsecme-ikev2bis-08

2010-03-08 10:41:10
Pasi(_dot_)Eronen(_at_)nokia(_dot_)com writes:
Paul Hoffman wrote:

- One of the changes is listed in Section 1.7 twice. I'd suggest
combining

  In section 1.3.2, changed "The KEi payload SHOULD be included" to
  be "The KEi payload MUST be included".  This also led to changes in
  section 2.18.

and

  Section 2.18 requires doing a Diffie-Hellman exchange when rekeying
  the IKE_SA.  In theory, RFC 4306 allowed a policy where the Diffie-
  Hellman exchange was optional, but this was not useful (or
  appropriate) when rekeying the IKE_SA.

as follows:

  This document requires doing a Diffie-Hellman exchange when
  rekeying the IKE_SA (and thus requires including the KEi/KEr
  payloads).  In theory, RFC 4306 allowed a policy where the
  Diffie-Hellman exchange was optional (and KEi/KEr payloads could be
  omitted), but this was not useful (or appropriate) when rekeying the
  IKE_SA.

Disagree. Where possible, I tried to list the actual sections where
changes were made, and your proposed rewording loses the two places.
The current text is more explicit than the proposed change.

Well, this depends on whether you think Section 1.7 should list
textual changes in the document, or clarification/changes to the
protocol.

IMHO, it should be the latter, but I see that currently it's really
listing the textual changes (even when they clearly don't have any
impact on the protocol); so perhaps listing these separately is
consistent with that...

I agree with you that it should be listing actual clarifications and
changes, not just textual changes. For an implementor it does not really
matter which paragraphs were changed; he is interested in what changes he
needs to make to his implementation, and for that the text saying that
Diffie-Hellman is now mandatory when rekeying the IKE SA is much more
important than the fact that this changed text in sections 1.3.2 and
2.18.

I proposed multiple such changes (including the one you pointed out)
in my email
(http://www.ietf.org/mail-archive/web/ipsec/current/msg05766.html) but
Paul didn't want to make those changes
(http://www.ietf.org/mail-archive/web/ipsec/current/msg05769.html). As
nobody else seemed to care, I didn't continue complaining about the
issue.
-- 
kivinen(_at_)iki(_dot_)fi
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
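The protocol point behind this thread is the rekey derivation in section 2.18 of RFC 4306, SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr), where the brackets made the fresh Diffie-Hellman value optional; ikev2bis drops the brackets and makes the KEi/KEr payloads mandatory. The following is an added example written for this page, not code from the thread, the draft or any IKEv2 implementation. It walks that derivation for both policies with HMAC-SHA256 assumed as the negotiated prf, a constructed 127-bit toy Diffie-Hellman group that is not one of the IANA-registered IKE groups, and constructed nonces, SPIs and private exponents. An attacker who holds the old SK_d and sees every CREATE_CHILD_SA payload recovers the new SK_d exactly when the Diffie-Hellman exchange was omitted, which is why the optional policy was "not useful (or appropriate)" when rekeying the IKE_SA.

```python
import hashlib
import hmac

PRF_LEN = 32  # HMAC-SHA256 output length (prf assumed for this example)


def prf(key: bytes, data: bytes) -> bytes:
    """The prf negotiated for the IKE_SA; HMAC-SHA256 is an assumption here."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 4306 section 2.13:
    T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n), output = T1 | T2 | ..."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([n]))
        out += t
        n += 1
    return out[:length]


def rekey_skeyseed(old_sk_d, ni, nr, g_ir):
    """Section 2.18: SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr).
    RFC 4306 bracketed g^ir (optional); ikev2bis makes it mandatory."""
    return prf(old_sk_d, (g_ir or b"") + ni + nr)


def new_sk_d(old_sk_d, ni, nr, spi_i, spi_r, g_ir):
    """SK_d is the first PRF_LEN bytes of prf+(SKEYSEED, Ni | Nr | SPIi | SPIr)."""
    seed = ni + nr + spi_i + spi_r
    return prf_plus(rekey_skeyseed(old_sk_d, ni, nr, g_ir), seed, PRF_LEN)


# Toy DH group constructed for this example only (127-bit Mersenne prime).
# Real implementations use the MODP/ECP groups registered with IANA.
P = 2**127 - 1
G = 3


def validate_rekey_ike_sa(payload_types):
    """ikev2bis section 1.3.2: a CREATE_CHILD_SA rekeying the IKE_SA MUST carry
    SA, Nonce and KE payloads; return the ones that are missing."""
    return [p for p in ("SA", "Ni", "KE") if p not in payload_types]


def rekey_exchange(old_sk_d, ni, nr, spi_i, spi_r, i_priv, r_priv, with_dh):
    """Simulate both peers rekeying the IKE_SA plus an attacker who holds the
    old SK_d and sees every payload on the wire (nonces, SPIs, KEi, KEr) but
    not the private exponents.  Returns (initiator, responder, attacker) SK_d."""
    if with_dh:
        ke_i = pow(G, i_priv, P)                 # KEi payload
        ke_r = pow(G, r_priv, P)                 # KEr payload
        g_ir_i = pow(ke_r, i_priv, P).to_bytes(16, "big")
        g_ir_r = pow(ke_i, r_priv, P).to_bytes(16, "big")
    else:
        g_ir_i = g_ir_r = None                   # the RFC 4306 "optional" policy
    initiator = new_sk_d(old_sk_d, ni, nr, spi_i, spi_r, g_ir_i)
    responder = new_sk_d(old_sk_d, ni, nr, spi_i, spi_r, g_ir_r)
    # The attacker can only feed the derivation what it observed: without a
    # DH exchange that is everything; with one it lacks g^ir, which would
    # require i_priv or r_priv (a discrete log in the group).
    attacker = new_sk_d(old_sk_d, ni, nr, spi_i, spi_r, None)
    return initiator, responder, attacker


# Constructed, fixed inputs so the outcome is reproducible.
OLD_SK_D = hashlib.sha256(b"old SK_d").digest()
NI = hashlib.sha256(b"Ni").digest()[:16]
NR = hashlib.sha256(b"Nr").digest()[:16]
SPI_I = bytes.fromhex("0011223344556677")
SPI_R = bytes.fromhex("8899aabbccddeeff")
I_PRIV = 0x3A5F9C1E7B2D4860F1A3C5E7092B4D6F
R_PRIV = 0x7C1B3E5A9F0D2C4E6B8A0F1D3C5E7A9B


def demo():
    """Run both policies; True means the attacker obtained the new SK_d."""
    results = {}
    for with_dh in (False, True):
        init, resp, attacker = rekey_exchange(
            OLD_SK_D, NI, NR, SPI_I, SPI_R, I_PRIV, R_PRIV, with_dh)
        assert init == resp                      # the peers always agree
        results["dh" if with_dh else "no_dh"] = attacker == init
    return results


if __name__ == "__main__":
    print(demo())                                # {'no_dh': True, 'dh': False}
    print(validate_rekey_ike_sa(["SA", "Ni"]))   # ['KE']
```

The check in validate_rekey_ike_sa is the receiver-side consequence of the MUST: a rekey-IKE_SA request without a KE payload should be rejected rather than silently derived from the old SK_d and nonces alone.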