Shepherd writeup for draft-ietf-ipsecme-ikev2-null-auth
Paul Hoffman is the document shepherd, and Kathleen Moriarty is the responsible Area Director.
This document defines a new authentication mechanism for IKEv2, appropriately called "NULL". The
NULL mechanism allows two IKE peers to establish either single-side or mutual authentication for
those use cases where a peer is unwilling or unable to authenticate or identify itself. This is
useful for using IPsec with opportunistic security without the need to sacrifice anonymity. The
document also defines a new identification type, ID_NULL.
2. Review and Consensus
The document was discussed fairly well in the WG. The WG Last Call elicited a lot of review and
changes to the document, which were then reviewed in a second WG Last Call.
After discussing with other ADs, our AD asked for this document to be labeled as "Updates 4301"
based on the text previously in Section 2.4. There was a bit of WG discussion about
whether or not this document fits the general definition of "updates" for another RFC,
with no strong feelings either way. The document was changed to say "Updates 4301",
and the prose now talks about the update.
3. Intellectual Property
Both authors have stated that they do not know of any relevant IPR for this document.
4. Other Points
Although the basic idea for null authentication is pretty simple, it turns out to be a bit complex
to add this to IKEv2 safely. This caused the discussion to go on longer than initially expected, but
the outcome is a more complete document.
The document has a normative reference to RFC 5739, which is Experimental, and some people might
have a problem with this. RFC 5739 really is experimental, and no one seems to want to do the
admittedly hard work to bring it to standards track. If this becomes too much of an issue for the
purists, the reference can be moved to the Informative References section, but it is more
appropriate as a normative reference.