Ballot for draft-kivinen-ipsecme-oob-pubkey
Yes
No Objection
Note: This ballot was opened for revision 12 and is now closed.
- Good stuff, we must remember to define this for eddsa.
- intro and security considerations: "Secure DNS" might be better as DNSSEC (Sorry if this is the reverse of some comment you've previously processed.)
In addition to Spencer's comment, which I agree with, I have some minor editorial comments about the abstract:

   The Internet Key Exchange Version 2 (IKEv2) protocol only supports RSA for raw public keys.

As written, this sounds like it means that the only time IKEv2 supports RSA is when you're using raw public keys. What you actually mean is that when you're using raw public keys, only RSA is supported. You should re-word it, perhaps like this:

NEW
   When using raw public keys in the Internet Key Exchange Version 2 (IKEv2) protocol, only RSA keys are supported.
END

   This document updates RFC 7296

You're missing a "." here, but I suggest that you just roll this into the last sentence of the first paragraph instead:

NEW
   This document updates RFC 7296, adding support for other types of raw public keys to IKEv2.
END
A minimal-value-added comment follows, so I apologize in advance ... Would a better title for this document be "Algorithm-agnostic Raw Public Keys for IKEv2"? At a minimum, "More *Types of* Raw Public Keys for IKEv2" seems more accurate. I'm not a SEC guy, but I'm reading "more keys" as "more key values", and I'm pretty sure that's wrong.