I would need the authors to reply to this email and state whether there are
any IPRs related to this draft known by the authors.
--
In section 3.1 the draft says:

   Instead, the initiator MAY either link the
   Announcements to the CAs received in the IKE_SA_INIT response, or MAY
   ignore the SUPPORTED_AUTH_METHODS notification entirely.

but instead of ignoring the SUPPORTED_AUTH_METHODS notification
entirely, it could simply ignore the cert linking. If it ignores the
whole SUPPORTED_AUTH_METHODS it might pick a completely unusable method,
so instead it should use that to pick suitable methods, even when it
can't link them to specific trust anchors.
--
In section 3.2 the draft says:

   The meaning of the remaining octets of the blob, if
   any, depends on the authentication method and is defined below.

I think it would be simply better to say:

   The meaning of the remaining octets of the blob, if
   any, depends on the authentication method.

as in the future some of those authentication methods might be defined
in other documents and not below...
--
As this document adds two new variations of the basic IKEv2
IKE_SA_INIT / (IKE_INTERMEDIATE) / IKE_AUTH, it would be really good
to have IKEv2 RFC 7296 Appendix C style exchange summaries. Please add
those.
--
I-D nits complains:
== Outdated reference: A later version (-09) exists of
draft-ounsworth-pq-composite-sigs-08
so fix that also at the same time.
--
[email protected]