Sorry for my delay in response, I was at a conference in Thursday and am still catching up.
On Sat, Apr 4, 2015 at 9:00 PM, Paul Wouters <[email protected]> wrote: > On Thu, 2 Apr 2015, Stephen Kent wrote: > > Hi Steve, > > As the primary author of 4301, and the creator of the PAD, I believe this >> work >> does update that section of 4301. I agree with Kathleen that this doc >> needs to >> say precisely what parts of 4301 are being updated, perhaps using a >> before/after >> approach. >> > > Section 2.4 already describes our the changes to the PAD processing: > > https://tools.ietf.org/html/draft-ietf-ipsecme-ikev2-null- > auth-05#section-2.4 > > The original PAD text of 4301 is here: > > https://tools.ietf.org/html/rfc4301#section-4.4.3.1 > > If our text is not suitable, could you perhaps explain what is missing, > or even better, suggest text that would address your concerns with the > current section? > > The text currently suggests using a new BOOL to determine if a PAD entry > can use AUTH_NULL/ID_NULL. Would you prefer it rewritten as just another > type of ID that is only added to the PAD authentication types as specified > in 4301? > > If our current text is adequate, we can just add the "updated 4301" to > the document. > The problem is the current wording. I see Tero's point that you are really extending 4301, but you say you are updating it in the text with MUST statements. If you change that language, and include what you need from 4301, then you are fine with this as stand alone. Another way to handle it is to say that you are updating 4301, in a way that is specific to NULL Auth and this extension/update is only needed for AUTH_NULL/ID_NULL. That's still an "updates'. Thanks, Kathleen > > Thanks, > > Paul > > > _______________________________________________ > IPsec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ipsec > -- Best regards, Kathleen
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
