
Re: Gen-art review of draft-ietf-ipsecme-ikev2bis-08.txt

2010-03-20 08:04:36


Paul Hoffman wrote:
At 2:37 PM +0000 3/19/10, Elwyn Davies wrote:
Not ready.  The document contains a lot of minor niggles and nits plus a 
major item that I am not sure the IETF should support:  this is the removal 
of all mention of mandatory to implement security suites from the document.  
I appreciate the difficulty of keeping up to the minute, but it seems to me 
that this is outweighed by the difficulty of guaranteeing interoperability.  
If the security landscape is so unstable, we have a bigger problem perhaps.  
Whether this change is acceptable to the IAB, the IESG and the wider IETF is 
not something I can resolve.

. . .

Major issues:

s3.3.4: The draft states that the list of mandatory to implement suites has 
been removed due to evolution going too fast.  Is this acceptable?


draft-ietf-ipsecme-ikev2bis is a revision of RFC 4306, and the paragraph in 
question about removing the mandatory-to-implement suites is copied directly 
from RFC 4306. When the original WG published RFC 4306 over four years ago, 
it decided to split out the suites into what became RFCs 4307 and 4308. 
draft-ietf-ipsecme-ikev2bis changes nothing here.

Does that clear up your issue, or are you saying that 
draft-ietf-ipsecme-ikev2bis should reverse the old policy and explicitly pull 
in the text from RFC 4307 and RFC 4308 into the new document?

--Paul Hoffman, Director
--VPN Consortium

Neither.

The only mention of mandatory to implement suites is in s3.3.4 where it
appears to imply (to paraphrase) that mandatory to implement has been
removed because we can't keep up. This can quite happily be read as
'removed to the bit bucket'. As it stands a naive reader might conclude
that he can't guarantee much at all since there are no pointers to where
the list has been removed *to*.

This is the master specification for IKE if I understand correctly.  It
had better say that there MUST always be some mandatory to implement
algorithms, but it is perfectly legitimate to hand off the listing of
those to some other RFC that is less onerous to update.  It would be IMO
a good idea (as is done with all the rafts of updateable lists) to link
to the starting points of the chain of documents that tells an
implementer what are currently the required protocols by referencing
RFC 4307 and RFC 4308, but again reminding us that there may be heirs and
successors.

So easy enough to solve.

Regards
Elwyn


