Hi Tero,

On 10/17/2013 02:34 PM, Tero Kivinen wrote:
Hannes Tschofenig writes:
The document does not talk about cryptographic algorithm choices nor
does it talk about IPsec (which would be required for a complete
security implementation). Is that a problem? Not necessarily. It is
rather a matter of scope.

I think cryptographic algorithms depend so much on the hardware and
environment that I do not think it is useful to list them here. Also
this is mostly meant in environments where devices will know
beforehand that they will talk to each other, i.e. the sensor device
will know that the server it is connecting to implements the
algorithms it is using, so that is not a problem. I.e. the server end is
quite often a full IKEv2 implementation, so it will support a much wider
range of algorithms, and the minimal implementation just might support
one algorithm.

It was just a point that came to my mind when I was thinking about the smart object security workshop where a number of people particularly focused on algorithms, both asymmetric as well as symmetric key algorithms.

But you are certainly right that there might be a dependency on the hardware and other factors that make it difficult to suggest a set of algorithms.



I do not necessarily see a need to change the style, and the
abstract says what the document is trying to accomplish. It might
nevertheless be helpful to note in the abstract that the document talks
about raw public keys as well or, if you believe the main focus is on
shared secrets, then put the shared secret authentication somewhere in
the title.

I changed "describes only shared secret authentication" to
"describes mostly ..." in the abstract, and added a paragraph in the
introduction:

    The main body of this document describes how to use the shared
    secret authentication in the IKEv2, as it is easiest to implement.  In
    some cases that is not enough and the Appendix B.2 describes how to
    use Raw Public keys instead of shared secret authentication.

Thanks


The new version should be available shortly.


Thanks. As said in my review, I consider the document ready for the IESG.

Ciao
Hannes

