During IETF103, authors of draft-carrel-ipsecme-controller-ike stated
that 3rd case (Controller-IKE) should be added
to the document.
We thought it was still an open debate. In fact, I mentioned in the last
meeting that between case 1 and case 3, I would prefer
case 1 (IKE case) since as I said ( minute 1:05:03) I do not see any advantage
provided by Controller-IKE. Any feature included
in Controller-IKE is already in case 1. Therefore, the question about what are
the advantages of Controller-IKE vs case 1 has not
been answered yet, in my humble opinion.
I'm concerned about draft-carrel-ipsecme-controller-ike. I think it
would be good that before anything is decided here, is that the authors
of that draft present their idea at the IPsecME WG first. It's a bit
scary that large parts of IKEv2 (eg authentication) is left out, and
KEYMAT generation is modified from the original IKE version, and that
SPI number generation is used as a shorthand for confirming policy
negotiation.
Paul
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
