Generic Raw Public-Key Support for IKEv2
RFC 7670

Note: This ballot was opened for revision 12 and is now closed.

(Stephen Farrell) Yes

Comment (2015-10-12 for -13)
- Good stuff, we must remember to define this for eddsa.

- intro and security considerations: "Secure DNS" might be 
better as DNSSEC (Sorry if this is the reverse of some comment
you've previously processed.)

(Kathleen Moriarty) Yes

(Jari Arkko) No Objection

(Alia Atlas) No Objection

Deborah Brungard No Objection

(Ben Campbell) No Objection

(Benoît Claise) No Objection

(Spencer Dawkins) No Objection

Comment (2015-10-13 for -13)
A minimal-value-added comment follows, so I apologize in advance ...

Would a better title for this document be "Algorithm-agnostic Raw Public Keys for IKEv2"?

At a minimum, "More *Types of* Raw Public Keys for IKEv2" seems more accurate. I'm not a SEC guy, but I'm reading "more keys" as "more key values", and I'm pretty sure that's wrong.

(Brian Haberman) No Objection

(Joel Jaeggli) No Objection

Barry Leiba No Objection

Comment (2015-10-13 for -13)
In addition to Spencer's comment, which I agree with, I have some minor editorial comments about the abstract:

   The Internet Key Exchange Version 2 (IKEv2) protocol only supports
   RSA for raw public keys.

As written, this sounds like it means that the only time IKEv2 supports RSA is when you're using raw public keys.  What you actually mean is that when you're using raw public keys, only RSA is supported.  You should re-word it, perhaps like this:

NEW
   When using raw public keys in the Internet Key Exchange Version 2
   (IKEv2) protocol, only RSA keys are supported.
END

   This document updates RFC 7296

You're missing a "." here, but I suggest that you just roll this into the last sentence of the first paragraph instead:

NEW
   This document updates RFC 7296, adding support for other
   types of raw public keys to IKEv2.
END

(Terry Manderson) No Objection

Alvaro Retana No Objection

(Martin Stiemerling) No Objection