Scott Fluhrer (sfluhrer) <sfluh...@cisco.com> wrote:
    > With your idea, there are three steps (and so the admin would update
    > each node in the network twice):

    > - Step 0 is "never use PPKs"; we're running the standard IKE protocol.

    > - Step 1 is "if we're the initiator, then use PPKs if the responder
    > signaled support for it" "if we're the responder, then signal support,
    > and allow the use of PPKs"

    > - Step 2 is "insist on PPKs (and also signal
    > support if we're the responder)"

This is a pretty normal process, yet it seems that some protocol designers
often do not take this into account.  I wonder if we should write this down
as a BCP.

{the rest of what you wrote is great}


--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-




_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
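
The three-step rollout quoted in the message above, modelled as an added example (not part of the original message and not code from either author). It assumes that any two nodes at step 1 or later already share a matching PPK; the names Step, negotiate and interoperates are hypothetical.

```python
from enum import IntEnum
from itertools import product


class Step(IntEnum):
    NEVER = 0      # Step 0: never use PPKs, standard IKE only
    OPTIONAL = 1   # Step 1: use PPKs if the peer supports them
    REQUIRED = 2   # Step 2: insist on PPKs


def negotiate(initiator: Step, responder: Step) -> str:
    """Outcome of one exchange: 'ppk', 'standard' or 'fail'."""
    # A responder at step 1 or 2 signals support; at step 0 it stays silent.
    responder_signals = responder >= Step.OPTIONAL
    # An initiator at step 1 or 2 uses the PPK only after seeing that signal.
    if initiator >= Step.OPTIONAL and responder_signals:
        return "ppk"
    # No PPK in use: either side insisting on one aborts the exchange.
    if initiator == Step.REQUIRED or responder == Step.REQUIRED:
        return "fail"
    return "standard"


def interoperates(steps) -> bool:
    """True if every ordered (initiator, responder) pair can still connect."""
    return all(negotiate(a, b) != "fail" for a, b in product(steps, repeat=2))


if __name__ == "__main__":
    # Print the full initiator x responder outcome matrix.
    for init, resp in product(Step, repeat=2):
        print(f"initiator={init.name:8} responder={resp.name:8} "
              f"-> {negotiate(init, resp)}")
    # A network caught mid-update mixes two steps. Adjacent steps keep
    # working, which is why each node is updated twice instead of once.
    print("mixed 0/1 works:", interoperates([Step.NEVER, Step.OPTIONAL]))
    print("mixed 1/2 works:", interoperates([Step.OPTIONAL, Step.REQUIRED]))
    print("mixed 0/2 works:", interoperates([Step.NEVER, Step.REQUIRED]))
```

A "standard" outcome is the case with no PPK protection, and in this model it disappears only once every node has left step 0.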
