I updated the draft-kivinen-ipsecme-oob-pubkey document; the new version includes some examples in the appendix, including actual bits-on-the-wire examples.

One thing that needs to be decided before this document is ready: "What shall we do with the old "Raw RSA Key" format?"

The current draft keeps it, and RECOMMENDs this new format for all types of raw keys, and does the negotiation using the standard IKEv2 CERTREQ payloads. This means there are two ways of doing exactly the same thing, i.e. sending Raw RSA keys in IKEv2.

Another option would be to change this document to be a Standards Track document, mark it as Updating 5996, and say that using the old "Raw RSA Key" format is NOT RECOMMENDED. This would mean there is only one way of sending Raw RSA keys in IKEv2, i.e. the new way.

A third option would say that this new format is only used for non-RSA keys, and for Raw RSA keys, you always MUST use the old format. I do not like this last option as it would require minimal implementations to implement both formats, as with both of the above options the minimal implementation can just decide that it only supports this one format and uses it for everything.

I would like to get feedback from the WG: which way should we go forward?

----------------------------------------------------------------------
From: [email protected]
Subject: New Version Notification for draft-kivinen-ipsecme-oob-pubkey-01.txt
Date: Tue, 16 Oct 2012 05:40:09 -0700

A new version of I-D, draft-kivinen-ipsecme-oob-pubkey-01.txt has been successfully submitted by Tero Kivinen and posted to the IETF repository.

Filename:        draft-kivinen-ipsecme-oob-pubkey
Revision:        01
Title:           More Raw Public Keys for IKEv2
Creation date:   2012-10-16
WG ID:           Individual Submission
Number of pages: 8
URL:             http://www.ietf.org/internet-drafts/draft-kivinen-ipsecme-oob-pubkey-01.txt
Status:          http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-oob-pubkey
Htmlized:        http://tools.ietf.org/html/draft-kivinen-ipsecme-oob-pubkey-01
Diff:            http://www.ietf.org/rfcdiff?url2=draft-kivinen-ipsecme-oob-pubkey-01

Abstract:
The Internet Key Exchange Version 2 (IKEv2) protocol currently only supports raw RSA keys. In some environments it is useful to make use of other types of public keys, such as those based on Elliptic Curve Cryptography. This document adds support for other types of raw public keys to IKEv2.

--
[email protected]
