Last Call Review of draft-ietf-ippm-ipsec-08
review-ietf-ippm-ipsec-08-opsdir-lc-baker-2015-02-05-00

Request Review of draft-ietf-ippm-ipsec
Requested rev. no specific revision (document currently at 11)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2015-02-09
Requested 2015-01-31
Authors Kostas Pentikousis, Emma Zhang, Yang Cui
Draft last updated 2015-02-05
Completed reviews Genart Last Call review of -08 by Meral Shirazipour
Genart Telechat review of -09 by Meral Shirazipour
Secdir Last Call review of -08 by Hannes Tschofenig
Secdir Telechat review of -09 by Hannes Tschofenig
Opsdir Last Call review of -08 by Fred Baker
Assignment Reviewer Fred Baker
State Completed
Review review-ietf-ippm-ipsec-08-opsdir-lc-baker-2015-02-05
Reviewed rev. 08 (document currently at 11)
Review result Ready
Review completed: 2015-02-05

Review

I have been asked to review draft-ietf-ippm-ipsec-08 for operational purposes. Fair disclaimer: I don’t claim to be a security expert. I would look for that review from the security directorate.

I would say that, for what this intends to do, it is ready to go.

With respect to the questions in http://tools.ietf.org/html/rfc5706#appendix-A.1, this is a mechanism that might be used among consenting adults. The question of how it might interact with an implementation that doesn’t conform to the specification (for example, doesn’t implement IPsec) is not especially addressed; a fair supposition is that it would not work. However, if both ends support it, it provides a means to generate a temporary key from IPsec keying material exchanged using IKEv2 as opposed to requiring prior configuration. That is likely to improve deployability over present mechanisms.

