Many thanks to Joel Snyder for helping clarify lots of the wording in this document. It feels much cleaner to me. I'm not 100% convinced that technical changes slipped in during those extensive changes. So, I'd really like the WG to review the latest draft. If you have any new concerns at all, please send them to the mailing list before Wednesday May 14.
--Paul Hoffman On May 7, 2014, at 5:50 AM, [email protected] wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the IP Security Maintenance and Extensions > Working Group of the IETF. > > Title : Signature Authentication in IKEv2 > Authors : Tero Kivinen > Joel Snyder > Filename : draft-kivinen-ipsecme-signature-auth-06.txt > Pages : 17 > Date : 2014-05-07 > > Abstract: > The Internet Key Exchange Version 2 (IKEv2) protocol has limited > support for the Elliptic Curve Digital Signature Algorithm (ECDSA). > The current version only includes support for three Elliptic Curve > groups, and there is a fixed hash algorithm tied to each group. This > document generalizes IKEv2 signature support to allow any signature > method supported by the PKIX and also adds signature hash algorithm > negotiation. This is a generic mechanism, and is not limited to > ECDSA, but can also be used with other signature algorithms. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-kivinen-ipsecme-signature-auth/ > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-kivinen-ipsecme-signature-auth-06 > > A diff from the previous version is available at: > http://www.ietf.org/rfcdiff?url2=draft-kivinen-ipsecme-signature-auth-06 _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
