Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: RFC Editor <email@example.com>, ipsecme mailing list <firstname.lastname@example.org>, ipsecme chair <email@example.com> Subject: Protocol Action: 'Signature Authentication in IKEv2' to Proposed Standard (draft-kivinen-ipsecme-signature-auth-07.txt) The IESG has approved the following document: - 'Signature Authentication in IKEv2' (draft-kivinen-ipsecme-signature-auth-07.txt) as Proposed Standard This document is the product of the IP Security Maintenance and Extensions Working Group. The IESG contact persons are Kathleen Moriarty and Stephen Farrell. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-signature-auth/
Technical Summary This document generalizes the IKEv2 signature support so it can support any signature method supported by the PKIX and also adds signature hash algorithm negotiation. This means that all types of signatures, not just RSA and ECDSA, and any type of elliptic curves can be supported. Working Group Summary The WG discussion of the document was very good, with wide consensus for adoption. There were no objections to adoption. There were only a few small changes requested during IETF Last Call, which were addressed by the authors. Document Quality The draft went through an extensive editorial revision after WG Last Call, and that version was last called again in the WG. Joel Snyder was added as co-author. This is a protocol extension and is meant for proposed standard. Personnel Paul Hoffman (IPsecME WG co-chair) is the document shepherd and Kathleen Moriarty is the responsible AD. The IANA Expert(s) for the registries in this document are to be by expert review, likely the document editor.