ipsec September 2009 archive
Main Archive Page > Month Archives  > ipsec archives
ipsec: Re: [IPsec] draft-wong-ipsecme-ikev2-integrity-data-00.tx

Re: [IPsec] draft-wong-ipsecme-ikev2-integrity-data-00.txt

From: Marcus Wong <mwong_at_nospam>
Date: Fri Sep 11 2009 - 20:06:24 GMT
To: ipsec@ietf.org

Steve, you are mostly right, but this I-D only deals with the integrity data exchange using the notify payload. Thanks.


-----Original Message-----
From: Stephen Kent [mailto:kent@bbn.com] Sent: Friday, September 11, 2009 3:23 PM To: mwong@huawei.com
Cc: ipsec@ietf.org
Subject: Re: [IPsec] draft-wong-ipsecme-ikev2-integrity-data-00.txt

At 11:46 AM -0400 9/11/09, Marcus Wong wrote:
>Hi Everyone,
>I'm new to the working group. I've uploaded a draft on the use of notify
>payload for integrity data exchanges in IKEv2 for your comments and review.
>All comments are highly appreciated. Thanks everyone.
>A new version of I-D, draft-wong-ipsecme-ikev2-integrity-data-00.txt has
>been successfuly submitted by Marcus Wong and posted to the IETF
>Filename: draft-wong-ipsecme-ikev2-integrity-data
>Revision: 00
>Title: Integrity Data Exchanges in IKEv2
>Creation_date: 2009-09-11
>WG ID: Independent Submission
>Number_of_pages: 9
>IKEv2 supports mutual authentication of the peers but does not support
>platform integrity validation of the peers nor does it support the exchange
>of data related to the platform integrity validation. This extension
>platform integrity validation data to be exchanged from one peer
>to another (respondent), allowing the other peer to either use the data for
>statistical analysis, pass it along to a validation entity for validation
>pass it along to a Fraud Information Gathering System for fraud detection

I have mot read you I-D, but this sounds like a NEA issue being pushed into an IPsec protocol. Am I wrong?


IPsec mailing list