Last Call Review of draft-ietf-ippm-ipsec-08
review-ietf-ippm-ipsec-08-opsdir-lc-baker-2015-02-05-00
Request | Review of | draft-ietf-ippm-ipsec |
---|---|---|
Requested revision | No specific revision (document currently at 11) | |
Type | Last Call Review | |
Team | Ops Directorate (opsdir) | |
Deadline | 2015-02-09 | |
Requested | 2015-01-31 | |
Authors | Kostas Pentikousis , Emma Zhang , Yang Cui | |
I-D last updated | 2015-02-05 | |
Completed reviews |
Genart Last Call review of -08
by Meral Shirazipour
(diff)
Genart Telechat review of -09 by Meral Shirazipour (diff) Secdir Last Call review of -08 by Hannes Tschofenig (diff) Secdir Telechat review of -09 by Hannes Tschofenig (diff) Opsdir Last Call review of -08 by Fred Baker (diff) |
|
Assignment | Reviewer | Fred Baker |
State | Completed | |
Request | Last Call review on draft-ietf-ippm-ipsec by Ops Directorate Assigned | |
Reviewed revision | 08 (document currently at 11) | |
Result | Ready | |
Completed | 2015-02-05 |
review-ietf-ippm-ipsec-08-opsdir-lc-baker-2015-02-05-00
I have been asked to review draft-ietf-ippm-ipsec-08 for operational purposes. Fair disclaimer: I don’t claim to be a security expert. I would look for that review from the security directorate. I would say that, for what this intends to do, it is ready to go. With respect to the questions in http://tools.ietf.org/html/rfc5706#appendix-A.1 , this is a mechanism that might be used among consenting adults. The question of how it might interact with an implementation that doesn’t conform to the specification (for example, doesn’t implement IPsec) is not especially addressed; a fair supposition is that it would not work. However, if both ends support i, it provides a means to generate a temporary key from IPsec keying material exchanged using IKEv2 as opposed to requiring prior configuration. That is likely to improve deployability over present mechanisms. Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail