Generic Raw Public-Key Support for IKEv2
draft-kivinen-ipsecme-oob-pubkey-14

Yes

(Kathleen Moriarty)

No Objection

(Alia Atlas)
(Alvaro Retana)
(Ben Campbell)
(Benoît Claise)
(Brian Haberman)
(Deborah Brungard)
(Jari Arkko)
(Joel Jaeggli)
(Martin Stiemerling)
(Terry Manderson)

Note: This ballot was opened for revision 12 and is now closed.

Kathleen Moriarty Former IESG member
Yes
Yes (for -12) Unknown

                            
Stephen Farrell Former IESG member
Yes
Yes (2015-10-12 for -13) Unknown
- Good stuff, we must remember to define this for EdDSA.

- intro and security considerations: "Secure DNS" might be
better as DNSSEC (Sorry if this is the reverse of some comment
you've previously processed.)

Alia Atlas Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Alvaro Retana Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Barry Leiba Former IESG member
No Objection
No Objection (2015-10-13 for -13) Unknown
In addition to Spencer's comment, which I agree with, I have some minor editorial comments about the abstract:

   The Internet Key Exchange Version 2 (IKEv2) protocol only supports
   RSA for raw public keys.

As written, this sounds like it means that the only time IKEv2 supports RSA is when you're using raw public keys.  What you actually mean is that when you're using raw public keys, only RSA is supported.  You should re-word it, perhaps like this:

NEW
   When using raw public keys in the Internet Key Exchange Version 2
   (IKEv2) protocol, only RSA keys are supported.
END

   This document updates RFC 7296

You're missing a "." here, but I suggest that you just roll this into the last sentence of the first paragraph instead:

NEW
   This document updates RFC 7296, adding support for other
   types of raw public keys to IKEv2.
END

Ben Campbell Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Benoît Claise Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Brian Haberman Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Deborah Brungard Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Jari Arkko Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Joel Jaeggli Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Martin Stiemerling Former IESG member
No Objection
No Objection (for -13) Unknown

                            
Spencer Dawkins Former IESG member
No Objection
No Objection (2015-10-13 for -13) Unknown
A minimal-value-added comment follows, so I apologize in advance ...

Would a better title for this document be "Algorithm-agnostic Raw Public Keys for IKEv2"?

At a minimum, "More *Types of* Raw Public Keys for IKEv2" seems more accurate. I'm not a SEC guy, but I'm reading "more keys" as "more key values", and I'm pretty sure that's wrong.

Terry Manderson Former IESG member
No Objection
No Objection (for -13) Unknown