On Thu, Oct 4, 2012 at 7:57 AM, Tero Kivinen <[email protected]> wrote:
> Behcet Sarikaya writes:
>> This document defines a stripped-down IPSec IKEv2, could such a
>> document be informational?
>
> This is just a summary of the minimal features of the IKEv2. Only thing
> we do change from the actual IKEv2 specification is that we do remove
> the requirement for support for certificates.

So there is some normative change.

> I think this document
> should be informational, as the RFC5996 is going to be the authoritative
> description anyways and we are compliant with the RFC5996 (when using
> one of the mandatory required authentication methods in there). This is
> more like a profile document.

I am with you on this.

>
>> Why has RSA been kept?
>
> Raw RSA keys are listed in the Appendix B. Useful Optional Features
> because I do think that is going to be the most commonly used
> authentication method. When my raw public keys draft is going forward
> in the ipsecme wg, I think that will also be included in the appendix.
>

Support.

> Pre-shared keys have the problem that they do not scale, and in most of
> the internet of things like setups you cannot really use pre-shared
> keys. Using raw public keys solves the scalability problem, but does
> not involve the certificate validation issues.

What about ECC instead of RSA?

Regards,

Behcet
