
Re: [IPsec] Last Call: <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> (Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard

2014-04-17 12:42:58
Hi, Tony

Thanks for the review.

I assume you mean that you don’t sign with public keys. Replacing “sign” with 
“validate” makes for a strange sentence, because the sentence is about sending 
(and presumably signing) rather than receiving (and validating).

How about:
“If multiple certificates are sent, the first MUST contain the public key 
associated with the private key used to sign the AUTH payload”

Yoav


On Apr 17, 2014, at 8:23 PM, PUTMAN, Tony (Tony) 
<tony(_dot_)putman(_at_)alcatel-lucent(_dot_)com> wrote:

All,

In section 3.6 (top of page 94), there is the statement,
 "If multiple certificates
  are sent, the first certificate MUST contain the public key used to
  sign the AUTH payload."

"sign" should be "validate".

Regards,
Tony
--
Tony Putman
Alcatel-Lucent Technologies

-----Original Message-----
From: IPsec [mailto:ipsec-bounces(_at_)ietf(_dot_)org] On Behalf Of The IESG
Sent: Friday, April 04, 2014 9:28 PM
To: IETF-Announce
Cc: ipsec(_at_)ietf(_dot_)org
Subject: [IPsec] Last Call: <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> 
(Internet Key Exchange Protocol Version 2 (IKEv2)) to Internet Standard


The IESG has received a request from the IP Security Maintenance and
Extensions WG (ipsecme) to consider the following document:
- 'Internet Key Exchange Protocol Version 2 (IKEv2)'
 <draft-kivinen-ipsecme-ikev2-rfc5996bis-02.txt> as Internet Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2014-04-18. Exceptionally, comments
may be sent to iesg(_at_)ietf(_dot_)org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document describes version 2 of the Internet Key Exchange (IKE)
  protocol.  IKE is a component of IPsec used for performing mutual
  authentication and establishing and maintaining Security Associations
  (SAs).  This document replaces and updates RFC 5996, and includes all
  of the errata for it, and it is intended to update IKEv2 to be
  Internet Standard.




The file can be obtained via
http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/ballot/


No IPR declarations have been submitted directly on this I-D.


_______________________________________________
IPsec mailing list
IPsec(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ipsec