Generic Raw Public-Key Support for IKEv2
draft-kivinen-ipsecme-oob-pubkey-14

[Ballot comment]
In addition to Spencer's comment, which I agree with, I have some minor editorial comments about the abstract:

  The Internet Key Exchange Version 2 (IKEv2) protocol only supports
  RSA for raw public keys.

As written, this sounds like it means that the only time IKEv2 supports RSA is when you're using raw public keys.  What you actually mean is that when you're using raw public keys, only RSA is supported.  You should re-word it, perhaps like this:

NEW
  When using raw public keys in the Internet Key Exchange Version 2
  (IKEv2) protocol, only RSA keys are supported.
END

  This document updates RFC 7296

You're missing a "." here, but I suggest that you just roll this into the last sentence of the first paragraph instead:

NEW
  This document updates RFC 7296, adding support for other
  types of raw public keys to IKEv2.
END

[Ballot comment]
A minimal-value-added comment follows, so I apologize in advance ...

Would a better title for this document be "Algorithm-agnostic Raw Public Keys for IKEv2"?

At a minimum, "More *Types of* Raw Public Keys for IKEv2" seems more accurate. I'm not a SEC guy, but I'm reading "more keys" as "more key values", and I'm pretty sure that's wrong.

[Ballot comment]

- Good stuff, we must remember to define this for eddsa.

- intro and security considerations: "Secure DNS" might be
better as DNSSEC (Sorry if this is the reverse of some comment
you've previously processed.)

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has completed its review of draft-kivinen-ipsecme-oob-pubkey-11. If any part of this review is inaccurate, please let us know.

IANA understands that, upon approval of this document, there is a single action which IANA must complete.

In the IKEv2 Certificate Encodings subregistry of the Internet Key Exchange Version 2 (IKEv2) Parameters registry located at:

https://www.iana.org/assignments/ikev2-parameters/

a new encoding will be registered as follows:

Value: [ TBD-at-Registration ]
Certificate Encoding: Raw Public Key
Reference: [ RFC-to-be ]

As this document requests registrations in an Expert Review or Specification Required (see RFC 5226) registry, we have initiated the required Expert Review via a separate request. This review is still in process.

Note:  The action requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed.

The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (More Raw Public Keys for IKEv2) to Internet Standard


The IESG has received a request from an individual submitter to consider
the following document:
- 'More Raw Public Keys for IKEv2'
  as Internet Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2015-09-23. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  The Internet Key Exchange Version 2 (IKEv2) protocol currently only
  supports raw RSA keys.  In constrained environments it is useful to
  make use of other types of public keys, such as those based on
  Elliptic Curve Cryptography.  This documents adds support for other
  types of raw public keys to IKEv2.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-kivinen-ipsecme-oob-pubkey/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-kivinen-ipsecme-oob-pubkey/ballot/


No IPR declarations have been submitted directly on this I-D.