|Main Archive Page > Month Archives > ipsec archives|
>A New Internet-Draft is available from the on-line Internet-Drafts
> Title : Internet Key Exchange Protocol: IKEv2
> Author(s) : C. Kaufman, et al.
> Filename : draft-hoffman-ikev2bis-02.txt
> Pages : 125
> Date : 2007-11-17
>This document describes version 2 of the Internet Key Exchange (IKE)
>protocol. It is a restatement of RFC 4306, and includes all of the
>clarifications from RFC 4718.
>A URL for this Internet-Draft is:
Almost all of the changes came from Pasi (thanks, Pasi!). The change list from the document is:
Many grammatical fixes.
In Section 1.2, reworded Clarif-4.3 to be clearer.
In Section 1.3.3, reworded 3.10.1-16393 and Clarif-5.4 to remove redundant text.
In Section 2.13, replaced text about variable length keys with clearer explanation and requirement on non-HMAC PRFs. Also added "preferred" to Section 2.14 for the key length, and removed redundant text.
In Section 2.14, removed the "half and half" description and replaced it with exceptions for RFC4434 and RFC4615.
Removed the now-redundant "All PRFs used with IKEv2 MUST take variable-sized keys" from Section 2.15.
In Section 2.15, added "(IKE_SA_INIT response)" after "of the second message" and "(IKE_SA_INIT request)" after "the first message".
In Section 2.17, simplified because there are no more bundles. "A single CHILD_SA negotiation may result in multiple security associations. ESP and AH SAs exist in pairs (one in each direction)." becomes "For ESP and AH, a single CHILD_SA negotiation results in two security associations (one in each direction)."
In section 3.3, made the example of combinations of algorithms and the contents of the first proposal clearer.
Added Clarif-4.4 to the ned of Section 3.3.2.
Reordered Section 3.3.5 and added Clarif-7.11.
Clarified Section 3.3.6 about choosing a single proposal. Also added second paragraph about transforms not understood, and clarified third paragraph about picking D-H groups.
Moved 3.10.1-16392 from Section 3.6 to 3.7.
In Section 3.10, clarified 3.10.1-16394.
Updated Section 6 to indicate that there is nothing new for IANA in this spec. Also removed the definition of "Expert Review" from Section 1.6 for the same reason.
In Appendix A, removed "and not commit any state to an exchange until the initiator can be cryptographically authenticated" because that was only true in an earlier version of IKEv2.
--Paul Hoffman, Director