Paul Wouters writes:
> > That sounds reasonable, but shouldn’t the IoT devices have some guidelines
> > (maybe just a sentence) on what they should implement? We know that they
> > will not implement everything, and if they choose different subsets, they
> > will not be able to talk to each other.
> >
>
> I'd rather point to the minimal-IKE
>
> https://tools.ietf.org/html/draft-kivinen-ipsecme-ikev2-minimal-00

Minimal IKEv2 cannot modify the mandatory to implement algorithms.
LWIG charter says that:

    The group shall focus only on techniques that have been used
    in actual implementations and do not impact interoperability
    with other devices. The techniques shall also not affect
    conformance to the relevant specifications.

I.e. the minimal IKEv2 should still be interoperable with any IKEv2
client. We had this discussion there when we said that even when
certificates are mandatory to implement in IKEv2, they are not
mandatory to use, i.e. you can also use shared key authentication
(which is also mandatory to implement).

The minimal IKEv2 cannot say that implementations should use some
specific algorithm unless that is mandatory to implement, as otherwise
it would not be interoperable with existing IKEv2 implementations
implementing only mandatory to implement algorithms.

That's why minimal IKEv2 will not say anything about the algorithms, as
that would not be in charter with LWIG WG.

Here in the IPsecME WG, we can do that, i.e. I think adding a separate
section for constrained devices, and listing what algorithms they should
implement is a good idea.