The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 7619

Note: This ballot was opened for revision 06 and is now closed.

Alvaro Retana No Objection

(Ben Campbell; former steering group member) Yes

Yes (for -06)

(Jari Arkko; former steering group member) Yes

Yes (for -06)

(Kathleen Moriarty; former steering group member) Yes

Yes (for -06)

(Spencer Dawkins; former steering group member) (was No Objection) Yes

Yes (for -06)

(Stephen Farrell; former steering group member) Yes

Yes (2015-05-27 for -06)
- 2.1: just wanted to check as I didn't have time to go
through it all myself - are we confident that using
SK_pi/SK_pr in this way has no cryptographic downsides? The
reference to the EAP methods convinces me this is no worse
than an existing thing, but not (by itself) that it is
cryptographically sound, so I just wanted to check as I
think prf(SK_pr,IDr') has until now been calculated but not
transmitted, so there's a tiny change here maybe, but as I
said I didn't have time to fully check. If someone just
tells me that yes, the authors/wg did consider this, that'll
be fine, no need to fully explain to me why using SK_pr like
this is safe (though if you want to, that'd be fine too).

- 2.5: "hand out" is an odd phrase here - would be better
to expand on that I think and say more precisely what
should never be done.

(Alia Atlas; former steering group member) No Objection

No Objection (for -06)

(Barry Leiba; former steering group member) (was Discuss) No Objection

No Objection (2015-05-28 for -06)
First: Thanks, Paul, for a very informative and useful shepherd writeup.

Editorial comment in Section 2:

   If a peer
   that requires authentication receives an AUTH payload containing the
   NULL Authentication method type, it MUST return an
   AUTHENTICATION_FAILED notification.

We're referring to NULL authentication as "authentication", so maybe this should say something like "If a peer that requires positive identification receives [...]", or "If a peer that requires authenticated identity receives [...]" ?

(Benoît Claise; former steering group member) No Objection

No Objection (for -06)

(Brian Haberman; former steering group member) No Objection

No Objection (for -06)

(Deborah Brungard; former steering group member) No Objection

No Objection (for -06)

(Martin Stiemerling; former steering group member) No Objection

No Objection (for -06)