Re: [IPsec] Fwd: Last Call: draft-ietf-ipsecme-ikev2bis (Internet Key Exchange Protocol: IKEv2) to Proposed Standard
Paul Hoffman <paul.hoffman@vpnc.org> Fri, 19 March 2010 02:17 UTC
Date: Thu, 18 Mar 2010 19:17:50 -0700
To: IPsecme WG <ipsec@ietf.org>
From: Paul Hoffman <paul.hoffman@vpnc.org>
The IETF Last Call on IKEv2bis is now over (but comments are still welcome). I have made the following changes to the draft. I'll turn in the draft on Monday after the face-to-face meeting, and our new AD will then put it on a future IESG telechat. You'll have plenty of time to review the diffs before that telechat so you can tell me if I muffed anything. Thanks again for all the input!

--Paul Hoffman

D.16. Changes from draft-ietf-ipsecme-ikev2bis-08 to draft-ietf-ipsecme-ikev2bis-09

These changes came during IETF Last Call.

Fixed some minor editorial nits.

In 1.3, changed "this notify" to "this notification".

In 2.6, changed "will cause two packets:" to "will cause two packets to be sent:".

Moved the paragraph that starts "When the IKE_SA_INIT exchange does not result" from 2.7 to 2.6. Also changed "the responder's SPI will be zero" to "the responder's SPI will be zero also in the response message".

In 2.8.2, last paragraph: Change the beginning of the sentence and changed "older peers may receive these notifications" to "older peers that implement RFC 4306 but not this document may receive these notifications".

Fixed the first two paragraphs of 2.9 to talk about PFKEY in the correct context.

In 2.23, clarified the paragraph that starts "An initiator can use..." in many places, saying that it is UDP encapsulated ESP.

In 3.3.6, changed "If one of the proposals offered is for the Diffie-Hellman group of NONE, the responder MUST ignore the initiator's KE payload and omit the KE payload from the response" to "If one of the proposals offered is for the Diffie-Hellman group of NONE, and the responder selects that Diffie-Hellman group, then it MUST ignore the initiator's KE payload and omit the KE payload from the response".

[Issue #176] In 3.5, changed "IPv6-only implementations MAY be configurable to send only ID_IPV6_ADDR instead of ID_IPV6_ADDR for IP addresses" to "IPv6-only implementations MAY be configurable to send only ID_IPV6_ADDR instead of ID_IPV4_ADDR for IP addresses".
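
Added example, not part of the original message or the draft: a simplified Python model of the 3.3.6 wording change, comparing a literal reading of the -08 sentence with the -09 sentence when an initiator offers both a real Diffie-Hellman group and NONE. The function names, the one-group-per-proposal model and the sample offer are assumptions made for illustration.

```python
# Added illustration (not from the draft or the original message).
# Simplified model: each proposal offers exactly one Diffie-Hellman group.
DH_NONE = 0        # IANA Transform Type 4 value for "no Diffie-Hellman"
DH_MODP_2048 = 14  # IANA Transform Type 4 value for the 2048-bit MODP group


def select_group(offered, responder_preference):
    """Return the first group in the responder's preference order that the
    initiator offered, or None if no offered group is acceptable."""
    for group in responder_preference:
        if group in offered:
            return group
    return None


def ke_handling_08(offered, responder_preference):
    """Literal reading of the -08 text: NONE merely being offered is enough
    to ignore the initiator's KE payload and omit KE from the response."""
    selected = select_group(offered, responder_preference)
    if selected is None:
        return None
    use_ke = DH_NONE not in offered
    return {"selected": selected, "use_initiator_ke": use_ke, "send_ke": use_ke}


def ke_handling_09(offered, responder_preference):
    """-09 text: KE is ignored and omitted only when NONE is the group the
    responder actually selects."""
    selected = select_group(offered, responder_preference)
    if selected is None:
        return None
    use_ke = selected != DH_NONE
    return {"selected": selected, "use_initiator_ke": use_ke, "send_ke": use_ke}


def lost_key_exchange(result):
    """True when a real DH group was selected but no KE payload is returned."""
    return (result is not None and result["selected"] != DH_NONE
            and not result["send_ke"])


if __name__ == "__main__":
    offered = [DH_MODP_2048, DH_NONE]  # constructed sample offer
    for prefer in ([DH_MODP_2048, DH_NONE], [DH_NONE, DH_MODP_2048]):
        print(prefer, ke_handling_08(offered, prefer), ke_handling_09(offered, prefer))
```

Under the -08 reading, a responder that prefers the MODP group still drops the key exchange because NONE appeared in the offer; under the -09 text the KE payload is omitted only when NONE is the selected group.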