|Main Archive Page > Month Archives > ipsec archives|
Steve, you are mostly right, but this I-D only deals with the integrity data exchange using the notify payload. Thanks.
From: Stephen Kent [mailto:email@example.com] Sent: Friday, September 11, 2009 3:23 PM To: firstname.lastname@example.org
Subject: Re: [IPsec] draft-wong-ipsecme-ikev2-integrity-data-00.txt
At 11:46 AM -0400 9/11/09, Marcus Wong wrote:
>I'm new to the working group. I've uploaded a draft on the use of notify
>payload for integrity data exchanges in IKEv2 for your comments and review.
>All comments are highly appreciated. Thanks everyone.
>A new version of I-D, draft-wong-ipsecme-ikev2-integrity-data-00.txt has
>been successfuly submitted by Marcus Wong and posted to the IETF
>Title: Integrity Data Exchanges in IKEv2
>WG ID: Independent Submission
>IKEv2 supports mutual authentication of the peers but does not support
>platform integrity validation of the peers nor does it support the exchange
>of data related to the platform integrity validation. This extension
>platform integrity validation data to be exchanged from one peer
>to another (respondent), allowing the other peer to either use the data for
>statistical analysis, pass it along to a validation entity for validation
>pass it along to a Fraud Information Gathering System for fraud detection
I have mot read you I-D, but this sounds like a NEA issue being pushed into an IPsec protocol. Am I wrong?