[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
draft-ietf-sigtran-security
Russ Housley [ ] [ ] [ X ] [ ]
Please make these changes throughout the document:
- change "man in the middle" to "man-in-the-middle"
- change "certificate authority" to "certification authority"
- change "IPSEC" to "IPsec"
- change "root CA" to "trust anchor"
Section 5, 3rd paragraph says: "These nodes MUST support IKE ..." Are
these nodes the ones that implement ESP, or just the ones that implement
ESP in tunnel mode. It needs to be clear which implementations MUST
support IKE.
Section 5, 5th paragraph says: "IKE negotiators SHOULD use pertinent
certificate revocation checks before accepting a PKI certificate for use in
IKE's authentication procedures." What are these checks? At a minimum
include a normative reference to RFC 3280. If on-line checking is
anticipated, then a reference to RFC 2560 may be in order.
Section 5, 7th paragraph seems to use the terms security association
(SA), session, and connection interchangeably. I think that security
association is the proper term.