ipsec November 2007 archive

[IPsec] Fwd: I-D Action:draft-hoffman-ikev2bis-02.txt

From: Paul Hoffman <paul.hoffman_at_nospam>
Date: Sat Nov 17 2007 - 20:02:08 GMT
To: IPsec WG <ipsec@ietf.org>

> A New Internet-Draft is available from the on-line Internet-Drafts
> Title: Internet Key Exchange Protocol: IKEv2
> Author(s): C. Kaufman, et al.
> Filename: draft-hoffman-ikev2bis-02.txt
> Pages: 125
> Date: 2007-11-17
> This document describes version 2 of the Internet Key Exchange (IKE)
> protocol. It is a restatement of RFC 4306, and includes all of the
> clarifications from RFC 4718.
> A URL for this Internet-Draft is:

Almost all of the changes came from Pasi (thanks, Pasi!). The change list from the document is:

    Many grammatical fixes.

    In Section 1.2, reworded Clarif-4.3 to be clearer.

    In Section 1.3.3, reworded 3.10.1-16393 and Clarif-5.4 to remove redundant text.

    In Section 2.13, replaced text about variable length keys with clearer explanation and requirement on non-HMAC PRFs. Also added "preferred" to Section 2.14 for the key length, and removed redundant text.

    In Section 2.14, removed the "half and half" description and replaced it with exceptions for RFC4434 and RFC4615.

    Removed the now-redundant "All PRFs used with IKEv2 MUST take variable-sized keys" from Section 2.15.

    In Section 2.15, added "(IKE_SA_INIT response)" after "of the second message" and "(IKE_SA_INIT request)" after "the first message".

    In Section 2.17, simplified because there are no more bundles. "A single CHILD_SA negotiation may result in multiple security associations. ESP and AH SAs exist in pairs (one in each direction)." becomes "For ESP and AH, a single CHILD_SA negotiation results in two security associations (one in each direction)."

    In Section 3.3, made the example of combinations of algorithms and the contents of the first proposal clearer.

    Added Clarif-4.4 to the end of Section 3.3.2.

    Reordered Section 3.3.5 and added Clarif-7.11.

    Clarified Section 3.3.6 about choosing a single proposal. Also added second paragraph about transforms not understood, and clarified third paragraph about picking D-H groups.

    Moved 3.10.1-16392 from Section 3.6 to 3.7.

    In Section 3.10, clarified 3.10.1-16394.

    Updated Section 6 to indicate that there is nothing new for IANA in this spec. Also removed the definition of "Expert Review" from Section 1.6 for the same reason.

    In Appendix A, removed "and not commit any state to an exchange until the initiator can be cryptographically authenticated" because that was only true in an earlier version of IKEv2.

--Paul Hoffman, Director
--VPN Consortium
