Last Call Review of draft-ietf-ippm-ipsec-08
review-ietf-ippm-ipsec-08-opsdir-lc-baker-2015-02-05-00
Request | Review of | draft-ietf-ippm-ipsec |
---|---|---|
Requested revision | No specific revision (document currently at 11) | |
Type | IETF Last Call Review | |
Team | Ops Directorate (opsdir) | |
Deadline | 2015-02-09 | |
Requested | 2015-01-31 | |
Authors | Kostas Pentikousis , Emma Zhang , Yang Cui | |
I-D last updated | 2015-12-20 (Latest revision 2015-08-26) | |
Completed reviews |
Genart IETF Last Call review of -08
by Meral Shirazipour
(diff)
Genart Telechat review of -09 by Meral Shirazipour (diff) Secdir IETF Last Call review of -08 by Hannes Tschofenig (diff) Secdir Telechat review of -09 by Hannes Tschofenig (diff) Opsdir IETF Last Call review of -08 by Fred Baker (diff) |
|
Assignment | Reviewer | Fred Baker |
State | Completed | |
Request | IETF Last Call review on draft-ietf-ippm-ipsec by Ops Directorate Assigned | |
Reviewed revision | 08 (document currently at 11) | |
Result | Ready | |
Completed | 2015-02-05 |
review-ietf-ippm-ipsec-08-opsdir-lc-baker-2015-02-05-00
I have been asked to review draft-ietf-ippm-ipsec-08 for operational purposes. Fair disclaimer: I don’t claim to be a security expert. I would look for that review from the security directorate. I would say that, for what this intends to do, it is ready to go. With respect to the questions in http://tools.ietf.org/html/rfc5706#appendix-A.1 , this is a mechanism that might be used among consenting adults. The question of how it might interact with an implementation that doesn’t conform to the specification (for example, doesn’t implement IPsec) is not especially addressed; a fair supposition is that it would not work. However, if both ends support i, it provides a means to generate a temporary key from IPsec keying material exchanged using IKEv2 as opposed to requiring prior configuration. That is likely to improve deployability over present mechanisms. Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail