[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: charter question re IKE changes



In message <F504A8CEE925D411AF4A00508B8BE90A93E26A@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
, "Linn, John" writes:
>I'd like to ask a charter question which relates to both IPsec and IPSRA
>WGs.  IPSRA, based on IESG inputs, has been operating under the premise that
>its work should not impact IKE's syntax or semantics if feasibly avoidable,
>with a strong preference to work instead alongside IKE as currently defined.
>This premise has constrained the design space for candidate IPSRA proposals.
>Recent discussion on IPsec has suggested significant changes to IKE,
>potentially removing or replacing authentication modes. Question: If IKE's
>definition is to be reopened within IPsec, should IPSRA's admissible design
>space continue to be constrained by RFC-2409?

Yes.

Most of the talk here has been about removing things, not adding more.  
IPSRA would need to add more.

		--Steve Bellovin