[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKEv2 allocation policies



Michael Richardson wrote:
-----BEGIN PGP SIGNED MESSAGE-----



"VPNC" == VPNC <Paul> writes:

>> gives more uniform results in cases where an IKEv2 extension >> requires a couple of values from different registries. Your proposal >> is OK, but a more consistent proposal is simply that all values >> require "Expert Review".


VPNC> Are we trying to micro-manage the future with having different VPNC> categories for policies?
Let's divide what you saying into two statements:


  1) that we should not have different policies for different tables
     ("micro-management")

2) that the single policy should be expert review.

Regarding the micro-management question, I believe the IETF generally sets an appropriate policy for each table separately. This makes sense, because there can be significant differencies in the implications of allocating a value in the different tables. Small fields are more carefully managed than 32 bit fields. Fields that have significant interoperability implications are better managed than fields that are sent for information only.

For instance, we look after protocol numbers more carefully than for
port numbers. RFC 3588 (Diameter) has a different policy for allocating
header bits than for attribute numbers. RFC 3427 (SIP) defines a different
policy for general header fields and so called P- (proprietary) header
fields.

Of course, this does not mean that in the IKEv2 case we must have
different policies. But I don't think we should rule it out from
the start.

As to the specific proposal of Expert Review for everything...
I think there is a big difference between Exchange Types and
Encryption Transform IDs, for instance. The former is just 8
bits, and Standards Action seems appropriate for it. Yet I
don't think we should require Standards Action for everything.

--Jari