On Mar 20, 2012, at 11:27 PM, Jan Zorz @ go6.si wrote:
On 3/20/12 11:35 PM, Merike Kaeo wrote:
Sigh. As I mentioned to Jan separately after seeing his post, the comments from Tero were based on an older version of RIPE-501bis and I (and Jan) pointed him to the newer version. I think Jan got a bit eager to distribute Tero's comments and I fear they could cause some confusion since we DID take out all reference to IKEv1 and updated to all the updated RFCs.
Hi,
I copy/pasted comments from Tero's latest email, after redirect to newest draft of intended replacement doc.
You are right!! Mea culpa. Too much multi-tasking.
Let's find out relevant parts and see what we can use.
All of what Tero sais is relevant - the one aspect I would like input from community is whether they still want IKEv1 in recommendations, even optional. The ISAKMP references should be taken out if IKEv2 is the only requirement the RIPE community wants to make for tender input. For rest of community - Tero initially sent me his comments when he saw the document in a Finnish IPv6 Forum meeting a few weeks ago - I've known him through IPsec wg in IETF for years. He is an implementor and primary standards contributor so he is well aware of what folks are actively deploying wrt IPsec. He has implemented IPsec in IPv6 environments for well over 6 years (if not longer). - merike