Scott Fluhrer (sfluhrer) <sfluh...@cisco.com> wrote:
> With your idea, there are three steps (and so the admin would update
> each node in the network twice):
> - Step 0 is "never use PPKs"; we're running the standard IKE protocol.
> - Step 1 is "if we're the initiator, then use PPKs if the responder
>   signaled support for it" "if we're the responder, then signal support,
>   and allow the use of PPKs"
> - Step 2 is "insist on PPKs (and also signal
>   support if we're the responder)"

This is a pretty normal process, yet it seems that some protocol designers often do not take this into account. I wonder if we should write this down as a BCP.

{the rest of what you wrote is great}

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
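Added example, not part of the original message or of any IKE implementation: a small model of the three rollout steps quoted above, showing which mixes of old and new nodes still connect and why each node is updated twice. The names `Step`, `negotiate` and `safe_rollout` are hypothetical, and the model assumes that a Step 0 initiator ignores the responder's support signal and that a Step 2 node fails the exchange when PPKs cannot be used.

```python
from enum import IntEnum
from itertools import product


class Step(IntEnum):
    NEVER = 0     # Step 0: standard IKE, never use PPKs
    OPTIONAL = 1  # Step 1: signal support, use PPKs if the peer allows it
    REQUIRED = 2  # Step 2: insist on PPKs


def negotiate(initiator: Step, responder: Step) -> str:
    """Return 'ppk', 'plain' or 'fail' for one initiator/responder pair."""
    # Steps 1 and 2 responders signal support; a Step 0 responder never does.
    responder_signals = responder >= Step.OPTIONAL
    # Steps 1 and 2 initiators use a PPK only when support was signaled.
    if initiator >= Step.OPTIONAL and responder_signals:
        return "ppk"
    # No PPK in use: a node that insists on PPKs rejects the exchange
    # (assumed behaviour for "insist").
    if initiator == Step.REQUIRED or responder == Step.REQUIRED:
        return "fail"
    return "plain"


def safe_rollout(before: Step, after: Step) -> bool:
    """True if nodes can be moved one at a time from `before` to `after`.

    During the change the network holds both configurations, so every
    initiator/responder combination of the two must still connect.
    """
    mixed = (before, after)
    return all(negotiate(i, r) != "fail" for i, r in product(mixed, repeat=2))


if __name__ == "__main__":
    for i, r in product(Step, repeat=2):
        print(f"initiator={i.name:<8} responder={r.name:<8} -> {negotiate(i, r)}")
    print("0 -> 1 safe:", safe_rollout(Step.NEVER, Step.OPTIONAL))
    print("1 -> 2 safe:", safe_rollout(Step.OPTIONAL, Step.REQUIRED))
    print("0 -> 2 safe:", safe_rollout(Step.NEVER, Step.REQUIRED))
```

Under these assumptions, only the direct jump from Step 0 to Step 2 leaves pairs of nodes that cannot connect during the change.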