Hi Brian/ Jari,
I see a few more inconsistencies regarding the same RFC:
Since ESP encryption and authentication are both optional, support
for the NULL encryption algorithm [RFC-2410] and the NULL
authentication algorithm [RFC-2406] MUST be provided to maintain
consistency with the way these services are negotiated.
>From RFC4301
- confidentiality-only (MAY be supported)
- integrity only (MUST be supported)
- confidentiality and integrity (MUST be supported)
I think only encryption is now optional in RFC4301. We do not
necessarily need to allow NULL authentication either. Actually this is
still a problem with RFC4305 and it was not updated because the issue
was found late in the RFC process.
Thanks,
Vishwas
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Brian E Carpenter
Sent: Friday, January 06, 2006 6:50 PM
To: Jari Arkko
Cc: [EMAIL PROTECTED]; [email protected]; Dave Thaler
Subject: Re: draft-ietf-ipv6-node-requirements-11.txt
IMHO, the reference updates should be done during AUTH48 without
further discussion, but making AH optional seems like a substantive
change.
Personally, I would support that change, i.e. s/MUST/MAY/.
Brian (speaking only for myself)
Jari Arkko wrote:
> They should be updated. By the way I noticed recently
> that the RFC Editor does not necessarily do "obsoleted by"
> updates to references automatically. This stuff needs to
> be done by the authors in AUTH48. And in this particular
> case we have even text changes, as you point out.
>
> By the way, there are also substantive changes in the
> new IPsec documents. For instance, AH support is no
> longer a MUST. I think this should be reflected in the
> node requirements document too, as that currently
> says "AH [RFC-2402] MUST be supported.".
>
> There's probably an impact in the algorithms and key
> management sections, too...
>
> --Jari
>
> Dave Thaler wrote:
>
>> The draft in the RFC-editors queue now references obsoleted (as of
last
>> month) RFCs. Specifically:
>> RFC2401 is now obsoleted by RFC4301
>> RFC2402 is now obsoleted by RFC4302
>> RFC2404 is now obsoleted by RFC4305
>> RFC2406 is now obsoleted by RFC4303, RFC4305
>> RFC2407,2408,2409 are now obsoleted by RFC4306
>>
>> Also two statements in section 8 are now obsolete as a result:
>> "RFC-2401 is being updated by the IPsec Working Group."
>> "RFC-2406 and RFC 2402 are being updated by the IPsec Working
Group."
>>
>> Can these be updated?
>>
>> -Dave
>>
>>
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
