The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)
draft-ietf-ipsecme-ikev2-null-auth-07

Yes

(Ben Campbell)
(Jari Arkko)
(Kathleen Moriarty)
(Spencer Dawkins)

No Objection

(Alia Atlas)
(Alvaro Retana)
(Benoît Claise)
(Brian Haberman)
(Deborah Brungard)
(Martin Stiemerling)

Note: This ballot was opened for revision 06 and is now closed.

Ben Campbell Former IESG member
Yes
Yes (for -06) Unknown

                            
Jari Arkko Former IESG member
Yes
Yes (for -06) Unknown

                            
Kathleen Moriarty Former IESG member
Yes
Yes (for -06) Unknown

                            
Spencer Dawkins Former IESG member
(was No Objection) Yes
Yes (for -06) Unknown

                            
Stephen Farrell Former IESG member
Yes
Yes (2015-05-27 for -06) Unknown
- 2.1: just wanted to check as I didn't have time to go
through it all myself - are we confident that using
SK_pi/SK_pr in this way has no cryptographic downsides? The
reference to the EAP methods convinces me this is no worse
than an existing thing, but not (by itself) that it is
cryptographically sound, so I just wanted to check as I
think prf(SK_pr,IDr') has until now been calculated but not
transmitted, so there's a tiny change here maybe, but as I
said I didn't have time to fully check. If someone just
tells me that yes, the authors/wg did consider this, that'll
be fine, no need to fully explain to me why using SK_pr like
this is safe (though if you want to, that'd be fine too).

- 2.5: "hand out" is an odd phrase here - would be better
to expand on that I think and say more precisely what
should never be done.

Alia Atlas Former IESG member
No Objection
No Objection (for -06) Unknown

                            
Alvaro Retana Former IESG member
No Objection
No Objection (for -06) Unknown

                            
Barry Leiba Former IESG member
(was Discuss) No Objection
No Objection (2015-05-28 for -06) Unknown
First: Thanks, Paul, for a very informative and useful shepherd writeup.

Editorial comment in Section 2:

   If a peer
   that requires authentication receives an AUTH payload containing the
   NULL Authentication method type, it MUST return an
   AUTHENTICATION_FAILED notification.

We're referring to NULL authentication as "authentication", so maybe this should say something like "If a peer that requires positive identification receives [...]", or "If a peer that requires authenticated identity receives [...]"?

Benoît Claise Former IESG member
No Objection
No Objection (for -06) Unknown

                            
Brian Haberman Former IESG member
No Objection
No Objection (for -06) Unknown

                            
Deborah Brungard Former IESG member
No Objection
No Objection (for -06) Unknown

                            
Martin Stiemerling Former IESG member
No Objection
No Objection (for -06) Unknown