Behcet Sarikaya writes: > This document defines a stripped-down IPSec IKEv2, could such a > document be informational?
This is just summary of the minimal features of the IKEv2. Only thing we do change from the actual IKEv2 specification is that we do remove the requirement for support for certificates. I think this document should be informational, as the RFC5996 is going to be the authorative description anyways and we are compliant with the RFC5996 (when using one of the mandatory required authentication method in there). This is more like a profile document. > Why has RSA been kept? Raw RSA keys is listed in the Appendix B. Useful Optional Features because I do think that is going to be the most commonly used authentication method. When my raw public keys draft is going forward in the ipsecme wg, I think that will also be included in the appendix. Pre-shared keys has the problem that they do not scale, and in most of the internet of things like setups you cannot really use pre-shared keys. Using raw public keys solves the scalability problem, but does not involve the certificate validation issues. -- [email protected] _______________________________________________ Lwip mailing list [email protected] https://www.ietf.org/mailman/listinfo/lwip
