Hi all
I have just read the subject draft, and found this in section 6 (and similar
text in the introduction):
    Note that to support ERP, lower-layer specifications may need to be
    revised. Specifically, the IEEE802.1x specification must be revised
    to allow carrying EAP messages of the new codes defined in this
    document in order to support ERP. Similarly, RFC 4306 must be
    updated to include EAP code values higher than 4 in order to use ERP
    with Internet Key Exchange Protocol version 2 (IKEv2). IKEv2 may
    also be updated to support peer-initiated ERP for optimized
    operation. Other lower layers may need similar revisions.
Note that this is not new text, and it appears pretty much the same way in RFC
5296.
There's the obvious nit with this text, that RFC 4306 is not a reference. If it
was, the id-nits would warn about this RFC being obsolete. But that's the small
problem here.
A bigger problem is that this text says that IKEv2 needs to be updated, but
there is no draft for this update, nor has there been any message to this list
about this proposed change.
The simple change they require is to section 3.16:
    o Code (1 octet) indicates whether this message is a Request (1),
      Response (2), Success (3), or Failure (4).
I think this could be done with an erratum or a 1-page draft, if all that was
required was pass-through of codes (5) and (6). But I think it's more involved
than that.
There's peer-initiated ERP (which would require peer-initiated IKE?) and
multiple simultaneous operations. I think it may come to a somewhat larger
draft.
I think there should be at least a work-in-progress reference for 802.1x and
IKEv2 before the hokey draft progresses.
Yoav
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
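To make the section 3.16 point concrete, here is an added example (written for this discussion, not taken from the draft, RFC 4306 or any IPsec implementation) of the check an IKEv2 endpoint performs on the Code octet of an EAP message carried in an EAP payload. It assumes RFC 4306 section 3.16 admits codes 1 through 4 only, that the ERP codes to be passed through are 5 (Initiate) and 6 (Finish) as the message above says, and that the IKEv2 generic payload header is Next Payload, flags, Payload Length (RFC 4306 section 3.2). The packets are constructed sample bytes, not captured traffic.

```python
"""Validate the EAP Code octet carried inside an IKEv2 EAP payload.

Added example; not from the draft, RFC 4306 or any IPsec implementation.
Assumptions: RFC 4306 section 3.16 lists codes 1-4 only, and the ERP codes
to pass through are 5 (Initiate) and 6 (Finish). Sample packets below are
constructed, not captured.
"""
import struct
from dataclasses import dataclass

# Codes an RFC 4306 endpoint knows about (section 3.16).
EAP_CODES_RFC4306 = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# ERP codes the message asks IKEv2 to pass through (assumed: RFC 5296 values).
EAP_CODES_ERP = {5: "Initiate", 6: "Finish"}


@dataclass
class EapMessage:
    code: int
    identifier: int
    length: int
    body: bytes  # everything after the 4-octet EAP header


def parse_eap(message: bytes, allow_erp: bool = False) -> EapMessage:
    """Parse the EAP header and reject codes this endpoint will not carry."""
    if len(message) < 4:
        raise ValueError("EAP message shorter than its 4-octet header")
    code, ident, length = struct.unpack("!BBH", message[:4])
    if length < 4 or length > len(message):
        raise ValueError(f"EAP Length {length} inconsistent with {len(message)} octets")
    allowed = dict(EAP_CODES_RFC4306)
    if allow_erp:  # the relaxation the text above says RFC 4306 would need
        allowed.update(EAP_CODES_ERP)
    if code not in allowed:
        raise ValueError(f"EAP Code {code} not allowed (RFC 4306 knows codes 1-4 only)")
    return EapMessage(code, ident, length, message[4:length])


def ikev2_eap_payload(eap: bytes, next_payload: int = 0) -> bytes:
    """Wrap an EAP message in an IKEv2 generic payload header (RFC 4306 3.2)."""
    return struct.pack("!BBH", next_payload, 0, 4 + len(eap)) + eap


def unwrap_ikev2_eap_payload(payload: bytes, allow_erp: bool = False) -> EapMessage:
    """Strip the generic payload header, then validate the EAP message inside."""
    if len(payload) < 4:
        raise ValueError("IKEv2 payload shorter than its generic header")
    _next_payload, _flags, plen = struct.unpack("!BBH", payload[:4])
    if plen < 4 or plen > len(payload):
        raise ValueError(f"Payload Length {plen} inconsistent with {len(payload)} octets")
    return parse_eap(payload[4:plen], allow_erp)


def code_accepted(payload: bytes, allow_erp: bool) -> bool:
    """True if the endpoint would accept the EAP message in this payload."""
    try:
        unwrap_ikev2_eap_payload(payload, allow_erp)
        return True
    except ValueError:
        return False


# Constructed samples (not captured traffic):
# EAP Request/Identity: Code 1, Identifier 7, Length 5, Type 1 (Identity).
SAMPLE_REQUEST = ikev2_eap_payload(bytes([1, 7, 0, 5, 1]))
# ERP Initiate: Code 5, Identifier 9, Length 6, followed by a placeholder body.
SAMPLE_ERP_INITIATE = ikev2_eap_payload(bytes([5, 9, 0, 6, 0x00, 0x00]))

if __name__ == "__main__":
    for name, pkt in (("Request", SAMPLE_REQUEST), ("ERP Initiate", SAMPLE_ERP_INITIATE)):
        print(name, "strict RFC 4306:", code_accepted(pkt, False),
              "| with ERP pass-through:", code_accepted(pkt, True))
```

Run as-is, the plain Request is accepted either way while the ERP Initiate is rejected by the strict check and accepted only once codes 5 and 6 are admitted; that single allow-list change is the "pass-through" part of the update, and it says nothing about peer-initiated ERP or multiple simultaneous operations, which is why the larger draft question remains.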