Last Call Review of draft-kivinen-ipsecme-ikev2-rfc5996bis-02
review-kivinen-ipsecme-ikev2-rfc5996bis-02-secdir-lc-kelly-2014-04-24-00

Request Review of draft-kivinen-ipsecme-ikev2-rfc5996bis
Requested revision No specific revision (document currently at 04)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2014-04-18
Requested 2014-04-10
Authors Charlie Kaufman, Paul E. Hoffman, Yoav Nir, Pasi Eronen, Tero Kivinen
Draft last updated 2014-04-24
Completed reviews Genart Last Call review of -02 by Suresh Krishnan
Genart Telechat review of -03 by Suresh Krishnan
Secdir Last Call review of -02 by Scott G. Kelly
Assignment Reviewer Scott G. Kelly
State Completed
Review review-kivinen-ipsecme-ikev2-rfc5996bis-02-secdir-lc-kelly-2014-04-24
Reviewed revision 02 (document currently at 04)
Result Ready
Completed 2014-04-24
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

This is an update to RFC5996 (IKEv2). From the document, it makes the following
changes:

   Fixed section 3.6 and 3.10 as specified in the RFC5996 errata 2707
   and 3036.

   Removed Raw RSA Public keys.  There is new work ongoing to replace
   that with a more generic format for generic raw public keys.

   Added a reference to RFC6989 when using non-Sophie-Germain Diffie-
   Hellman groups, or when reusing Diffie-Hellman exponentials.

   Added a reference to RFC4945 in the Identification Payloads
   section.

   Added an IANA Considerations section note about removing the Raw RSA
   Key, and removed the old contents, which were already done during
   RFC5996 processing.  Added a note that IANA should update the IKEv2
   registry to point to this document instead of RFC5996.

   Clarified that the intended status of this document is Internet
   Standard both in abstract and Introduction section.

   Added the name Last Substruc for the Proposal and Transform Substructure
   header for the 0 (last) or 2/3 (more) field.

Based on the well known and well respected collection of authors, I think it is
safe to conclude that ample consideration has been given to all things security
in this one. I see nothing in the above list that makes me think otherwise.

--Scott