Russ Housley <[email protected]> wrote:
> I can see that manual keys are helpful for debugging, but otherwise I
> think they SHOULD NOT be used.
Exactly. I would like to have a SHOULD provide an interface (without which, I
can't determine why I can't interoperate with product FOO), but I agree with
Tero, I really don't want logos/etc. to be dependent on it.
>> Perhaps we should add a note to the rfc7431bis that manual keys SHOULD
>> NOT be used, and mark it as updating RFC4301?
Yes.
>> Or should we have separate RFC stating that?
>>
>> I do not want to change it to MUST NOT as that would require people to
>> remove parts of their implementations to stay compliant, but on the
>> other hand I do not want people wasting their time implementing an
>> interface to configure manual keys when nobody is going to use them.
I would like people to document an interface, but I have no desire to expose
it to users. In your Android example, I'm perfectly happy with having a
shell and a netlink/pfkey socket as the "interface".
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
