Here is the status of the open issues that we discussed at the interim WG
meeting in early February. If you want to discuss any of them, please do not
reply to this message but instead start a thread with the issue number in the
subject.
--Paul Hoffman
Issue #36, Interaction of IKE_SA_INIT retransmissions with specific notifies.
No comments, but it seems like a valid minor addition; accepted.
Issue #14: Bounding the retransmit time.
Small amount of discussion; accepted. Wording will indicate that this is
optional for the one closing the window but should be anticipated by
the party waiting a long time.
Issue #19: Motivation for including SPIs in the cookie.
No comments, but seems harmless. Accepted.
Issue #62: Security considerations - implementation robustness.
Accepted.
Issue #16 and #45: Order of IKE payloads.
Agreement that we cannot change the requirement in RFC 4306, but
disagreement on what that means, particularly because RFC 4306
requires a small subset of the required ordering. Paul will propose
some new text.
Issue #11: Clarify which traffic selectors to use in rekeying.
Not accepted because some people may be doing decorrelating, but
others might not be doing it.
Issue #68: Counter mode ciphers in IKEv2 to protect IKE SA.
General agreement that the document specifies that IV needs to be
unpredictable for CBC, and gives a reference to other docs for the
non-CBC modes. Paul will republish text for this issue.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
