Re: [secdir] secdir review of draft-kuegler-ipsecme-pace-ikev2

Yaron Sheffer <> Thu, 14 April 2011 07:04 UTC

Date: Thu, 14 Apr 2011 10:04:42 +0300
From: Yaron Sheffer <>
To: Stephen Hanna <>

Hi Steve,

Thanks for your review.

This document was published on the ipsecme list. During Last Call we 
received comments from Dan Harkins, who is certainly "an expert in 
authentication protocols."

The cryptographic part (PACE) has been published in the past, both as an 
academic paper and as a component of another standard. Both are 
referenced in the draft.


On 04/14/2011 02:09 AM, Stephen Hanna wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
> This document defines a password authentication protocol for IKEv2
> based on PACE (Password Authenticated Connection Establishment).
> I am neither a cryptographer nor an expert on IPsec or IKEv2.
> Given these limitations, I will say that I found the Security
> Considerations section of the document to be thorough. All of
> the security issues that I could come up with and more were
> addressed in a credible manner. Overall, the document is clear
> and well-written. Personally, I do not have any concerns with
> this document becoming an RFC. However, it might be wise to
> have a cryptographer or expert in authentication protocols
> provide an independent review of the document, if that has not
> already been done. If it has been done, I have no concerns.
> Thanks,
> Steve Hanna