Last Call Review of draft-kivinen-ipsecme-ikev2-rfc5996bis-02

Request Review of draft-kivinen-ipsecme-ikev2-rfc5996bis
Requested rev. no specific revision (document currently at 04)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2014-04-18
Requested 2014-04-10
Authors Charlie Kaufman, Paul Hoffman, Yoav Nir, Pasi Eronen, Tero Kivinen
Draft last updated 2014-04-24
Completed reviews Genart Last Call review of -02 by Suresh Krishnan (diff)
Genart Telechat review of -03 by Suresh Krishnan (diff)
Secdir Last Call review of -02 by Scott Kelly (diff)
Assignment Reviewer Scott Kelly
State Completed
Review review-kivinen-ipsecme-ikev2-rfc5996bis-02-secdir-lc-kelly-2014-04-24
Reviewed rev. 02 (document currently at 04)
Review result Ready
Review completed: 2014-04-24


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This is an update to RFC5996 (IKEv2). From the document, it makes the following changes:

   Fixed section 3.6 and 3.10 as specified in the RFC5996 errata 2707
   and 3036.

   Removed Raw RSA Public keys.  There is new work ongoing to replace
   that with more generic format for generic raw public keys.

   Added reference to the RFC6989 when using non Sophie-Germain Diffie-
   Hellman groups, or when reusing Diffie-Hellman Exponentials.

   Added reference to the RFC4945 in the Identification Payloads

   Added IANA Considerations section note about removing the Raw RSA
   Key, and removed the old contents which was already done during
   RFC5996 processing.  Added note that IANA should update IKEv2
   registry to point to this document instead of RFC5996.

   Clarified that the intended status of this document is Internet
   Standard both in abstract and Introduction section.

   Added name Last Substruc for the Proposal and Transform Substructure
   header for the 0 (last) or 2/3 (more) field.

Based on the well known and well respected collection of authors, I think it is safe to conclude that ample consideration has been given to all things security in this one. I see nothing in the above list that makes me think otherwise.