I am not sure I understand what's being meant by in-band negotiation
here?
Many protocols negotiate which crypto algorithm (or even more generic
security mechanism) to use. Those negotiations, if done poorly, can
be subject to downgrade attacks.
Given how common security negotiation is, it's worthwhile to point out
whether or not each of these protocols does it, or whether they depend
entirely on static configuration of each endpoint.
All the protocols covered in this document carry a Key ID in the
protocol packets, which the receiving end uses to authenticate the
packet. So there is no exchange of crypto algorithms, etc., that's done. We can
mention this in the next revision.
Cheers, Manav
-- Sam
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
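To make the point of the thread concrete: the Key ID model described above means the packet names a key, not an algorithm, and the receiver's statically configured key chain decides which MAC to check. The following is an added illustration written for this page; it is not code from the draft under discussion or from any of the protocols it covers. The key-chain layout, the 4-byte header and the key values are all constructed for the example, and the two key-chain entries are chosen to show that rewriting the Key ID on the wire cannot steer the receiver to a different algorithm or key without the MAC check failing.

```python
import hmac
import hashlib
import struct
from typing import Optional

# Constructed key chain (hypothetical). Both endpoints are provisioned with
# the same table out of band; the packet carries only the Key ID, never the
# algorithm, so there is nothing in-band for an attacker to negotiate down.
KEY_CHAIN = {
    1: ("HMAC-SHA-256", hashlib.sha256, b"constructed-key-one"),
    2: ("HMAC-SHA-1", hashlib.sha1, b"constructed-key-two"),
}

HDR = struct.Struct("!HH")  # Key ID, payload length (constructed layout)


def build_packet(key_id: int, payload: bytes) -> bytes:
    """Return header(key_id, len) || payload || MAC, using the sender's key chain."""
    _name, digestmod, key = KEY_CHAIN[key_id]
    header = HDR.pack(key_id, len(payload))
    # The MAC covers the header, so the Key ID field itself is authenticated.
    tag = hmac.new(key, header + payload, digestmod).digest()
    return header + payload + tag


def verify_packet(packet: bytes, key_chain=KEY_CHAIN) -> Optional[bytes]:
    """Return the payload if the packet authenticates under the receiver's
    key chain, otherwise None. Nothing in the packet influences the choice of
    algorithm except the Key ID lookup in the receiver's own configuration."""
    if len(packet) < HDR.size:
        return None
    key_id, plen = HDR.unpack_from(packet, 0)
    entry = key_chain.get(key_id)
    if entry is None:
        return None  # Unknown Key ID: reject, no fallback and no negotiation.
    _name, digestmod, key = entry
    tag_len = digestmod().digest_size
    if len(packet) != HDR.size + plen + tag_len:
        return None  # Length does not match the configured MAC for this key.
    body, tag = packet[: HDR.size + plen], packet[HDR.size + plen :]
    expected = hmac.new(key, body, digestmod).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # Constant-time comparison of the MAC.
    return body[HDR.size :]


def attacker_rewrites_key_id(packet: bytes, new_key_id: int) -> bytes:
    """Simulate an on-path attacker changing only the Key ID field."""
    _, plen = HDR.unpack_from(packet, 0)
    return HDR.pack(new_key_id, plen) + packet[HDR.size :]


if __name__ == "__main__":
    pkt = build_packet(1, b"hello")
    print("genuine:", verify_packet(pkt))
    print("key id rewritten to 2:", verify_packet(attacker_rewrites_key_id(pkt, 2)))
    print("receiver without key 2:", verify_packet(build_packet(2, b"x"), {1: KEY_CHAIN[1]}))
```

The two rejection cases are the ones worth noting: a rewritten Key ID fails because the MAC covers the header and the looked-up key differs, and a Key ID the receiver was never configured with is simply dropped. Whether the algorithm bound to a Key ID is strong enough is therefore a configuration question at each endpoint, which is exactly the "static configuration" alternative to negotiation raised in the thread.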