Hi, Yoav:

Sorry for my late feedback. Thank you for reviewing this document and catching these nits. I will update rfc5296bis to get alignment with RFC5996. Also I think it will be good to see the update of RFC5996 to support ERP.
Regards!
-Qin

----- Original Message -----
From: "Yoav Nir" <[email protected]>
To: <[email protected]>; <[email protected]>
Sent: Sunday, March 06, 2011 5:25 PM
Subject: [IPsec] HOKEY draft draft-ietf-hokey-rfc5296bis

> Hi all
>
> I have just read the subject draft, and found this in section 6 (and similar
> text in the introduction):
>
>    Note that to support ERP, lower-layer specifications may need to be
>    revised. Specifically, the IEEE802.1x specification must be revised
>    to allow carrying EAP messages of the new codes defined in this
>    document in order to support ERP. Similarly, RFC 4306 must be
>    updated to include EAP code values higher than 4 in order to use ERP
>    with Internet Key Exchange Protocol version 2 (IKEv2). IKEv2 may
>    also be updated to support peer-initiated ERP for optimized
>    operation. Other lower layers may need similar revisions.
>
> Note that this is not new text, and it appears pretty much the same way in
> RFC 5296.
>
> There's the obvious nit with this text, that RFC 4306 is not a reference. If
> it was, the id-nits would warn about this RFC being obsolete. But that's the
> small problem here.
>
> A bigger problem is that this text says that IKEv2 needs to be updated, but
> there is no draft for this update, nor has there been any message to this
> list about this proposed change.
>
> The simple change they require is to section 3.16:
>    o  Code (1 octet) indicates whether this message is a Request (1),
>       Response (2), Success (3), or Failure (4).
>
> I think this could be done with an errata or a 1-page draft, if all that was
> required was pass-through of codes (5) and (6). But I think it's more
> involved than that.
>
> There's peer-initiated ERP (which would require peer-initiated IKE?) and
> multiple simultaneous operations. I think it may come to a somewhat larger
> draft.
>
> I think there should be at least a work-in-progress reference for 802.1x and
> IKEv2 before the hokey draft progresses.
>
> Yoav
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
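Added example, not part of the original thread or of any IKEv2 implementation: a minimal EAP message validator showing why an implementation that follows the section 3.16 text literally drops the ERP codes (5) and (6), and what pass-through of those codes looks like. The function name `parse_eap`, the `allow_erp` switch, the sample bytes, and the assumption that ERP messages carry a Type octet like Request/Response are all constructed for illustration.

```python
import struct

# Codes listed in the IKEv2 section 3.16 text quoted in the thread.
BASE_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# The thread's codes (5) and (6); names are the ERP message names from RFC 5296.
ERP_CODES = {5: "Initiate", 6: "Finish"}


class EapError(ValueError):
    """Raised when an EAP message fails validation."""


def parse_eap(msg: bytes, allow_erp: bool = False) -> dict:
    """Validate an EAP message as carried in an IKEv2 EAP payload (hypothetical helper)."""
    if len(msg) < 4:
        raise EapError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", msg[:4])
    # Length covers the whole EAP message and must fit the received buffer.
    if length < 4 or length > len(msg):
        raise EapError(f"bad EAP length {length} for {len(msg)} bytes")
    known = {**BASE_CODES, **(ERP_CODES if allow_erp else {})}
    if code not in known:
        raise EapError(f"unsupported EAP code {code}")
    body = msg[4:length]
    if code in (3, 4):
        # Success and Failure carry no Type or data.
        if body:
            raise EapError("Success/Failure must be exactly 4 octets")
        eap_type = None
    else:
        # Assumption: ERP messages carry a Type octet like Request/Response.
        if not body:
            raise EapError("missing Type octet")
        eap_type, body = body[0], body[1:]
    return {"code": code, "code_name": known[code], "id": ident,
            "type": eap_type, "data": body}


# Constructed sample messages (not captured traffic).
IDENTITY_REQUEST = bytes([1, 0x2A, 0, 5, 1])     # Request, Type 1 (Identity)
ERP_INITIATE = bytes([5, 0x00, 0, 6, 2, 0x00])   # code 5, Type 2, one data octet
BAD_LENGTH = bytes([2, 0x2A, 0, 9, 1])           # claims 9 octets, only 5 present

if __name__ == "__main__":
    for allow in (False, True):
        try:
            print(parse_eap(ERP_INITIATE, allow_erp=allow))
        except EapError as exc:
            print("rejected:", exc)
```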
