On Oct 31, 2014, at 2:13 PM, Paul Wouters <[email protected]> wrote:
>
> On Fri, 31 Oct 2014, Kathleen Moriarty wrote:
>
>> The chairs provided text for an updated charter in line with the newly
>> adopted working group items. The recharter text has been posted and
>> I'd like to give the WG a little time to comment prior to adding this
>> to a telechat for review.
>>
>> Here is a link:
>>
>> http://datatracker.ietf.org/doc/charter-ietf-ipsecme/
>
> There is interest in adapting the IKE protocol for opportunistic use
> cases, by allowing one or both endpoints of the exchange to remain
> unauthenticated. The group will extend the protocol to support these
> use cases. The solution should be in line with current best practices,
> including channel binding and possible formal protocol security proofs.
>
> I don't think there was agreement on channel binding? It's a bit of an
> old wound, since some believe BTNS failed because of channel binding
> requirements (requiring kernel code changes)

There was not agreement that the eventual solution needs channel binding, but there was interest in us trying. If we fail at getting channel binding and/or formal security proofs, that's OK, but it's worth the effort.

--Paul Hoffman
