draft-ietf-sigtran-security



Russ Housley [ ] [ ] [ X ] [ ]

Please make these changes throughout the document:
- change "man in the middle" to "man-in-the-middle"
- change "certificate authority" to "certification authority"
- change "IPSEC" to "IPsec"
- change "root CA" to "trust anchor"

Section 5, 3rd paragraph says: "These nodes MUST support IKE ..." Are these nodes the ones that implement ESP, or just the ones that implement ESP in tunnel mode? It needs to be clear which implementations MUST support IKE.

Section 5, 5th paragraph says: "IKE negotiators SHOULD use pertinent certificate revocation checks before accepting a PKI certificate for use in IKE's authentication procedures." What are these checks? At a minimum include a normative reference to RFC 3280. If on-line checking is anticipated, then a reference to RFC 2560 may be in order.

Section 5, 7th paragraph seems to use the terms security association (SA), session, and connection interchangeably. I think that security association is the proper term.