Two comments about the IPsec-related parts:

1) Section 1 says:

"Sixteen additional groups subsequently have been defined and
assigned values by IANA for use with IKE (v1 and v2). All of
these additional groups are optional in the IKE context. Of
the twenty-one groups defined so far, eight are MODP groups
(exponentiation groups modulo a prime), ten are EC2N groups
(elliptic curve groups over GF[2^N]) and three are ECP groups
(elliptic curve groups over GF[P])."

This is not totally correct. As of this writing, no EC2N groups
have been assigned values for use with IKEv2. Also, eight of the
ten EC2N groups for IKEv1 are not documented in any RFC. (And yes,
I'm aware of draft-ietf-ipsec-ike-ecc-groups -- but that hasn't
been approved yet, and requires changes before approval.)

2) For IKEv1/IKEv2, the document should explicitly specify how
ECC points are converted to octet strings (for KE payloads
and resulting shared secret value). Currently, there are at
least three incompatible options (RFC 4753, RFC 2409, and
draft-ietf-ipsec-ike-ecc-groups-10 drafts). I'd suggest just
saying "the same way as in RFC 4753".

Best regards,
Pasi