I was looking at the interaction of draft-kivinen-ipsecme-oob-pubkey and
IPSECKEY, since IPSECKEY has an algorithm number but oob-pubkey uses the
SubjectPublicKeyInfo that encodes the algorithm in the SPKI value
itself.

So first, if we were to fix this for IPSECKEY (and I'm not yet convinced
we are there yet, as we might end up with updating IPSECKEY due to other
issues we'll find over the next few months) we might consider allocating a
special algorithm number to signify this in the IKE Authentication Method
registry at

http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-12

For instance, 255 :)

Then I noticed that in fact the registry is a two octet value, while in
the IPSECKEY record this is a one octet value:

https://tools.ietf.org/html/rfc4025#section-2.1

That's clearly a bug. Is it worth filing an ERRATA for this or should we
wait and see if we will replace IPSECKEY anyway?

Paul

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
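
An added example, not part of the message above: a Python parser for the IPSECKEY RDATA layout in RFC 4025 section 2.1, showing that the algorithm field occupies a single octet, so no value above 255 can be encoded in it. The function names and the sample record bytes are constructed for illustration.

```python
import ipaddress

# Algorithm values defined in RFC 4025; the field is one octet on the wire.
ALGORITHMS = {0: "no key", 1: "DSA", 2: "RSA"}

def read_name(buf, off):
    """Read an uncompressed wire-format domain name, return (name, next offset)."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated gateway name")
        length = buf[off]
        off += 1
        if length == 0:
            return ".".join(labels) + ".", off
        if length > 63 or off + length > len(buf):
            raise ValueError("invalid or compressed label in gateway name")
        labels.append(buf[off:off + length].decode("ascii"))
        off += length

def parse_ipseckey(rdata):
    """Split IPSECKEY RDATA into precedence, gateway type, algorithm, gateway, key."""
    if len(rdata) < 3:
        raise ValueError("RDATA shorter than the three fixed octets")
    precedence, gw_type, algorithm = rdata[0], rdata[1], rdata[2]
    off, gateway = 3, None
    if gw_type in (1, 2):                       # 1 = IPv4, 2 = IPv6 address
        size = 4 if gw_type == 1 else 16
        if len(rdata) < off + size:
            raise ValueError("truncated gateway address")
        gateway = str(ipaddress.ip_address(rdata[off:off + size]))
        off += size
    elif gw_type == 3:                          # wire-format domain name
        gateway, off = read_name(rdata, off)
    elif gw_type != 0:                          # 0 = no gateway
        raise ValueError("unknown gateway type %d" % gw_type)
    return {"precedence": precedence, "gateway_type": gw_type,
            "algorithm": algorithm,
            "algorithm_name": ALGORITHMS.get(algorithm, "unassigned"),
            "gateway": gateway, "public_key": rdata[off:]}

def pack_fixed_header(precedence, gw_type, algorithm):
    """Encode the three fixed octets; bytes() rejects anything outside 0..255."""
    return bytes([precedence, gw_type, algorithm])

# Constructed sample: precedence 10, IPv4 gateway 192.0.2.1, algorithm 2,
# followed by four placeholder bytes standing in for key material.
SAMPLE = bytes([10, 1, 2]) + bytes([192, 0, 2, 1]) + b"\x01\x03\xaa\xbb"

if __name__ == "__main__":
    print(parse_ipseckey(SAMPLE))
```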
