> On 8 Dec 2016, at 1:43, Michael Richardson wrote:
>
>
> Scott Fluhrer (sfluhrer) wrote:
>> o There is the option listed in the draft, where we modify both the
>> KEYMAT and SKEYSEED computations; stirring it into the KEYMAT implies
>
> I read
Russ Housley wrote:
> I can see that manual keys are helpful for debugging, but otherwise I
> think they SHOULD NOT be used.
Exactly. I would like to have a SHOULD provide an interface (without which, I
can't determine why I can't interoperate with product FOO),
On Dec 7, 2016, at 5:00 PM, Timothy Carlin
> wrote:
Hello All,
I have some comments inline.
On Wed, Dec 7, 2016 at 4:41 PM, Paul Wouters
> wrote:
...
Are people actually deploying this?
The NIST USGv6
Scott Fluhrer (sfluhrer) wrote:
> o There is the option listed in the draft, where we modify both the
> KEYMAT and SKEYSEED computations; stirring it into the KEYMAT implies
I read through the three options, and I have difficulty picking.
...
> o Valery Smyslov
Thanks for confirming! I appreciate all of your help in cleaning this part up!
Tommy
> On Dec 7, 2016, at 11:52 AM, Hu, Jun (Nokia - US) wrote:
>
> Looks good to me
>
>> -Original Message-
>> From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Tommy Pauly
>>
> -Original Message-
> From: Paul Wouters [mailto:p...@nohats.ca]
> Sent: Wednesday, December 07, 2016 1:42 PM
> To: Hu, Jun (Nokia - US)
> Cc: Tero Kivinen ; ipsec@ietf.org
> Subject: Re: [IPsec] RFC4301, rfc7321bis and Manual keys
>
> On Wed, 7 Dec
Hello All,
I have some comments inline.
On Wed, Dec 7, 2016 at 4:41 PM, Paul Wouters wrote:
> On Wed, 7 Dec 2016, Hu, Jun (Nokia - US) wrote:
>
> OSPFv3 authentication (RFC4552) mandate to use manual key, the reason is
>> OSPFv3 uses multicast.
>> So I could see manual key
On Wed, 7 Dec 2016, Hu, Jun (Nokia - US) wrote:
OSPFv3 authentication (RFC4552) mandate to use manual key, the reason is OSPFv3
uses multicast.
So I could see manual key IPsec could be needed in any multicast applications
since group key management is not widely available
For above reason, I
Looks good to me
> -Original Message-
> From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Tommy Pauly
> Sent: Sunday, December 04, 2016 3:07 PM
> To: IPsecME WG
> Subject: [IPsec] draft-ietf-ipsecme-tcp-encaps-04.txt
>
> Hello all,
>
> I've updated the TCP
OSPFv3 authentication (RFC4552) mandate to use manual key, the reason is OSPFv3
uses multicast.
So I could see manual key IPsec could be needed in any multicast applications
since group key management is not widely available
For above reason, I think it should be "MAY" instead of "SHOULD NOT"
I can see that manual keys are helpful for debugging, but otherwise I think
they SHOULD NOT be used.
Russ
On Dec 7, 2016, at 11:11 AM, Tero Kivinen wrote:
> The RFC4301 requires support for manual keys (section 4.5), but I hope
> nobody really uses them. The rfc7321bis
The RFC4301 requires support for manual keys (section 4.5), but I hope
nobody really uses them. The rfc7321bis provides mandatory to
implement algorithms for the IKEv2 use, and does not really
specifically cover manual keys cases, but it does not really say that
manual keyed SAs are out of scope
12 matches
Mail list logo