On Feb 9, 2012, at 9:59 AM, Yaron Sheffer wrote: > Hi Pearl, Tero, > > Regarding the first change (IPsec Auth Methods), I prefer the existing > language. Even though IKEv1 has been obsoleted, I think change control of > this central piece of the protocol needs to still require a higher bar than > just "specification required". > > I'm afraid my co-chair disagrees, but he can surely speak for himself...
I do, and I can. The overhead of requiring IETF and RFC Editor process for extensions to a popular-but-obsolete protocol is not worth it. If someone publishes a new authentication mechanism for IKEv1 that has significant flaws (and they certainly will), they publish a new document and it gets a new identifier. This will damp out fairly quickly, and auth mechanism developers will get more input before publishing. --Paul Hoffman _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
