[IPsec] Paul Wouters' Yes on draft-ietf-ipsecme-ikev2-auth-announce-09: (with COMMENT)

Paul Wouters via Datatracker <noreply@ietf.org> Wed, 17 April 2024 16:52 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: ipsec@ietf.org
Delivered-To: ipsec@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BA79C14F703; Wed, 17 Apr 2024 09:52:58 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Paul Wouters via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-ipsecme-ikev2-auth-announce@ietf.org, ipsecme-chairs@ietf.org, ipsec@ietf.org, kivinen@iki.fi, kivinen@iki.fi
X-Test-IDTracker: no
X-IETF-IDTracker: 12.10.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Paul Wouters <paul.wouters@aiven.io>
Message-ID: <171337277810.36700.9099834928472039440@ietfa.amsl.com>
Date: Wed, 17 Apr 2024 09:52:58 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/DH2pUdnZTLdcPu-aOJwwEswG5BU>
Subject: [IPsec] Paul Wouters' Yes on draft-ietf-ipsecme-ikev2-auth-announce-09: (with COMMENT)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2024 16:52:58 -0000

Paul Wouters has entered the following ballot position for
draft-ietf-ipsecme-ikev2-auth-announce-09: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-auth-announce/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Note that the IANA registry involved here was renamed since the latest draft
was written :)

Notify Message Type  -> Notify Message Status Type

"IKEv2 Notify Message Types - Status Types" -> IKEv2 Notify Message Status Type

I wonder if it would make sense to somewhere explain that the authentication
method refers to the AUTH payload, but that a separate peer ID check with its
X.509 identity might need to be done, for which the CA cert that signed the EE
cert could be using a different signature method? For example, the EE-cert
could be using RSA-v1.5 while the AUTH payload could be using RSA-PSS. Or in
some other way explain that peer ID proof checking is not "authentication" as
used in this document?
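The distinction raised in the comment above, as an added Go example that is not part of the ballot message or of the draft: a constructed CA signs the end-entity (EE) certificate with RSA PKCS#1 v1.5, while the EE key signs the AUTH payload with RSA-PSS. The two verifications live in separate functions, and either can fail on its own. The names `buildChain`, `verifyAuthPayload`, `verifyPeerID`, the peer ID `vpn.example.com`, and the byte string standing in for the IKEv2 signed octets are all assumptions made for the example, not values from the draft.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Peer holds a constructed CA certificate, the EE certificate it signed, and
// the EE private key that will sign the IKEv2 AUTH payload.
type Peer struct {
	CACert *x509.Certificate
	EECert *x509.Certificate
	EEKey  *rsa.PrivateKey
}

// RSA-PSS parameters for the AUTH payload (assumption: salt length = hash length).
var pssOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}

// buildChain creates a throwaway CA and EE certificate. The CA signs with RSA
// PKCS#1 v1.5 (x509.SHA256WithRSA); that is the CA's choice and has nothing to
// do with the method the peer later uses in its AUTH payload.
func buildChain() (*Peer, error) {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed IKE CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		SignatureAlgorithm:    x509.SHA256WithRSA, // PKCS#1 v1.5, not PSS
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, err
	}
	eeKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	eeTmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(2),
		Subject:            pkix.Name{CommonName: "vpn.example.com"},
		DNSNames:           []string{"vpn.example.com"}, // identity the peer claims in its ID payload
		NotBefore:          now.Add(-time.Hour),
		NotAfter:           now.Add(24 * time.Hour),
		KeyUsage:           x509.KeyUsageDigitalSignature,
		SignatureAlgorithm: x509.SHA256WithRSA, // CA's choice: PKCS#1 v1.5
	}
	eeDER, err := x509.CreateCertificate(rand.Reader, eeTmpl, caCert, &eeKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	eeCert, err := x509.ParseCertificate(eeDER)
	if err != nil {
		return nil, err
	}
	return &Peer{CACert: caCert, EECert: eeCert, EEKey: eeKey}, nil
}

// signAuthPayload signs the IKEv2 signed octets with RSA-PSS using the EE key.
// This is the "authentication method" in the draft's sense.
func signAuthPayload(eeKey *rsa.PrivateKey, signedOctets []byte) ([]byte, error) {
	digest := sha256.Sum256(signedOctets)
	return rsa.SignPSS(rand.Reader, eeKey, crypto.SHA256, digest[:], pssOpts)
}

// verifyAuthPayload checks the AUTH signature against the public key in the
// peer's EE certificate. It says nothing about who issued that certificate or
// whether it belongs to the claimed peer ID.
func verifyAuthPayload(eeCert *x509.Certificate, signedOctets, sig []byte) bool {
	pub, ok := eeCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return false
	}
	digest := sha256.Sum256(signedOctets)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, pssOpts) == nil
}

// verifyPeerID is the separate check: chain the EE cert to the trusted CA
// (validating the CA's PKCS#1 v1.5 signature) and match the claimed peer ID
// against the certificate's subject alternative names.
func verifyPeerID(caCert, eeCert *x509.Certificate, peerID string) error {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err := eeCert.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   peerID,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

func main() {
	p, err := buildChain()
	if err != nil {
		panic(err)
	}
	octets := []byte("constructed stand-in for IKEv2 signed octets")
	sig, _ := signAuthPayload(p.EEKey, octets)
	fmt.Println("EE cert signed by CA with:", p.EECert.SignatureAlgorithm)
	fmt.Println("AUTH payload (RSA-PSS) verifies:", verifyAuthPayload(p.EECert, octets, sig))
	fmt.Println("peer ID vpn.example.com chains to CA:", verifyPeerID(p.CACert, p.EECert, "vpn.example.com") == nil)
	fmt.Println("peer ID other.example.com chains to CA:", verifyPeerID(p.CACert, p.EECert, "other.example.com") == nil)
}
```

Running it shows the EE certificate carrying the CA's `SHA256-RSA` (PKCS#1 v1.5) signature while the AUTH payload verifies under RSA-PSS, and the peer ID check succeeding for `vpn.example.com` and failing for any other name even though the AUTH signature is unchanged: announcing a supported AUTH method constrains only the first of these two checks.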