[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Resolving Russ Housley's DISCUSSes on Node Requirements, part 2



Pekka Savola wrote:
> On Fri, 13 Aug 2004 john.loughney@nokia.com wrote:
> 
>>The problem is, how to pick between IKEv1 or IKEv2?  There is no guidence 
>>anywhere on this. 
> 
> 
> True, that could cause an interoperability issue.  But this is what
> the security ADs should be giving guidance on :).
> 
> 
>>However, discussing this point with Russ, his intention was more about 
>>Key Management, not specifically IKEv1 or IKEv2, hence my text.
> 
> 
> What was the context of that discussion?  Was it key management for 
> *IPsec* or key management in general.
> 
> If the former, I don't think the current text captures this clearly, 
> as it mentions stuff like Kerberos, TLS and S/MIME.  If in general, 
> then it's probably fine.

I would strongly advise not making this document logically dependent
on the IETF giving unambiguous guidance on key management in general
or on IKE versions in particular. If we did so, we'd never get the
thing published. So IMHO we have no alternative to the "general"
context.

     Brian

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------