Deb Cooley writes:
> Section 4.4.2: Is there a circumstance where distributing both ESP and AH
> policies for the same set of Traffic Selectors would be sensible? If not,
> should this be MUST NOT?

I think this is aligning with the Cryptographic Algorithm
Implementation Requirements and Usage Guidance for ESP and AH RFC8221
which says:

----------------------------------------------------------------------
4. Encryption Must Be Authenticated
...
The last method that can be used is ESP+AH. This method is NOT
RECOMMENDED. It is the slowest method and also takes up more octets
...
----------------------------------------------------------------------

> Section 9.2: It is hard to tell where exactly registry entries are being
> requested. Some say <TBA> and some actually specify values (example IKEv2
> Payload Types). Please make it obvious where those entry values are
> aspirational. (IANA will do the real review here, we have just been warned
> that putting real numbers in these registries isn't always a good idea, i.e.
> they might be changed)

There are some IANA values which have already been registered for this
document, for example

https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml

IKEv2 Exchange Types registry already has

39 GSA_AUTH [draft-yeung-g-ikev2]
40 GSA_REGISTRATION [draft-yeung-g-ikev2]
41 GSA_REKEY [draft-yeung-g-ikev2]

But the IANA registry does not include a value for GSA_INBAND_REKEY yet,
which is why it has TBA in the draft.

So if there are numbers already filled in, those numbers are already in
the IANA registry. If there is TBA then those are new values to be
added to IANA registries.

I leave the rest of the questions to the authors of the draft to
answer.
--
kivi...@iki.fi