Guidelines for Cryptographic Key Management
RFC 4107

Note: This ballot was opened for revision 03 and is now closed.

(Sam Hartman) Yes

(Harald Alvestrand) No Objection

Comment (2005-02-17)
No email
send info
Reviewed by Scott Brim, Gen-ART
Some comments that may need addressing; full review in comment log.

(Margaret Cullen) No Objection

(Bill Fenner) No Objection

(Ted Hardie) No Objection

(Scott Hollenbeck) No Objection

(David Kessens) No Objection

(Allison Mankin) No Objection

Comment (2005-02-17)
No email
send info
Not a Discuss, but for a discussion at some point:

Is it possible to add to the reasons for not using automated key management that
an automated key management protocol is not available with suitable applicability
for the application environment?  (IKEv2 and IPSec are not ideal for every application
environment, but what other warm recommendation do we have for automated key 
management for applications?)

(Thomas Narten) No Objection

Comment (2005-02-17)
No email
send info
> 2.2. Manual Key Management
>    Manual key management is a reasonable approach in any of these
>    situations:

should we s/is a/may be a/?

My concern is that the first example "limited bandwidth" is something
I hear a lot about, and I don't want folk to be able to say "see, this
document says we're a special case"

(Alex Zinin) No Objection

(Russ Housley) Recuse