Re: Last Call: 'Kerberized Internet Negotiation of Keys (KINK)' to Proposed Standard (fwd)
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
Nicolas> - Section 5.3 limits the IDs that can be used with KINK
Nicolas> to address/subnet/address range IDs. I think this is too
Nicolas> limited, it seems likely to make KINK very difficult to
Nicolas> use.
Nicolas> I'd rather that a new ID type be defined that
Nicolas> corresponds to Kerberos V principal names and/or that
Nicolas> ID_FQDN and ID_RFC822_ADDR be allowed and a simple
Nicolas> algorithm be recommended for matching principals and such
Nicolas> IDs.
Nico, these are phase 2 IDs. I.e., they describe the SA, not the
parties involved.
I'm afraid you are living in an IKEv2 world where terminology makes
sense.