Dino,
On 10/31/2011 05:01 AM, Dino Farinacci wrote:
>>> This experimental specification does not address automated key
>>> management (AKM). BCP 107 <http://tools.ietf.org/html/bcp107> provides
>>> guidance in this area.
>> Yes, but I think we should include two additional important pieces of
>> information. 1. you need to acknowledge that you are not following BCP 107 in
>> this case, as it requires AKM under certain conditions (we are within those
>> conditions, right?). And 2) more importantly, you need to document the
>> implications of not providing AKM. Personally, I do not necessarily consider it
>> a panacea, and often the nonce etc. mechanisms are far more important. In any
>> case, the reader needs to understand what we are losing without AKM.
> This text was created, accepted, and agreed upon from the security ADs. So I
> dare not to touch it.
I'm not at all sure I agree about the genesis of that text, but it
was the result of a protracted set of exchanges, (starting from
what I thought was worse text:-), so I can understand not wanting
to do that again.
However, you can "dare" if you like - it's just text and can no
doubt be improved. In particular, Jari's suggested (2) above I
think (might be wrong since I didn't look) was something I also
wanted during that protracted discussion. So while Jari and I
may disagree as to whether or not AKM is an issue here or not, I
think we do agree that documenting the consequences of not having
AKM would be an improvement.
But, I did agree the current text without that so I'll live
with leaving it as it is I guess if that's what the WG want.
S.