[Gen-art] Re: Gen-ART review of draft-ietf-v6ops-ipsec-tunnels-04.txt
Pekka Savola <psavola@csc.fi> Tue, 12 December 2006 14:04 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gu8FQ-0002TX-Eg; Tue, 12 Dec 2006 09:04:44 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gu7lF-0006Ws-9p for gen-art@ietf.org; Tue, 12 Dec 2006 08:33:33 -0500
Received: from smtp2.csc.fi ([193.166.3.97]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gu7lD-0002KJ-Qe for gen-art@ietf.org; Tue, 12 Dec 2006 08:33:33 -0500
Received: from imap1.csc.fi (imap1.csc.fi [193.166.7.56]) by smtp2.csc.fi (MAILSERVER) with ESMTP id kBCDXDlx029317 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 12 Dec 2006 15:33:13 +0200
Received: from myrsky.csc.fi (myrsky.csc.fi [193.166.7.58]) (authenticated as psavola) by imap1.csc.fi (MAILSERVER) with ESMTP id kBCDXC5B014790 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 12 Dec 2006 15:33:12 +0200
Date: Tue, 12 Dec 2006 15:33:12 +0200
From: Pekka Savola <psavola@csc.fi>
To: Fred Baker <fred@cisco.com>
In-Reply-To: <4694D675-005A-4A44-A578-E28F970AC90F@cisco.com>
Message-ID: <Pine.LNX.4.62.0612121506250.22191@sampo3.csc.fi>
References: <F222151D3323874393F83102D614E055068B89BB@CORPUSMX20A.corp.emc.com> <4694D675-005A-4A44-A578-E28F970AC90F@cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Spam-Score: undef - relay 193.166.7.56 marked with SkipSpamScan
X-CanItPRO-Stream: default
X-Canit-Stats-ID: Bayes signature not available
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f60d0f7806b0c40781eee6b9cd0b2135
X-Mailman-Approved-At: Tue, 12 Dec 2006 09:04:42 -0500
Cc: David Kessens <david.kessens@nokia.com>, Hannes.Tschofenig@siemens.com, gen-art@ietf.org, Lindqvist Erik Kurt <kurtis@kurtis.pp.se>, Mohan Parthasarathy <mohanp@sbcglobal.net>, rfg@acm.org, David Black <Black_David@emc.com>
Subject: [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-ipsec-tunnels-04.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Errors-To: gen-art-bounces@ietf.org
Hello and thanks for review! I believe the comments look reasonable, and most of them should be addressed easily. Two comments below, the first for my fellow co-authors and the second as a general comment to you and to Mohan. On Sun, 10 Dec 2006, Fred Baker wrote: > On Dec 9, 2006, at 5:55 PM, Black_David@emc.com wrote: >> Section 4 has some wording problems: >> >> 1. [RFC2401] does not allow IP as the next layer protocol in traffic >> selectors when an IPsec SA is negotiated. [RFC4301] also allows >> IP as the next layer protocol (like TCP or UDP) in traffic >> selectors. >> >> The "also" is susceptible to misreading. The second sentence should >> be rephrased to: "In contrast, [RFC4301] does allow ..." Mohan or Richard, could you clarify this? I thought the idea was that RFC2401 does not explicitly mention IP as the possible next layer protocol, while many implementations do support it (and we aren't quite sure whether such support is mandatory-to-implement)? On the other hand RFC4301 explicitly requires support for all next layer protocol values. Maybe we forgot to to reword the text above since this become clearer after earlier iterations. If so, suggestions to reword? >> The three requirements in Section 5.2 are generally applicable, >> and should not be buried in Section 5.2's discussion of IPsec >> tunnel mode. The requirements also lack explanations of why >> they are requirements. At a minimum, the statement of the >> requirements should be moved into Section 5 (before 5.1), but >> I would suggest moving them to the end of Section 3 and adding >> a discussion of why these requirements are important (e.g., what >> goes wrong if they're not met) with reference to the scenarios >> described in Section 3. We could easily shuffle the text around a bit. Now that I read this, only the first one seems to be clearly worded as a "requirement" rather than a general observation. While the third one needs clarification (Mohan?), only the first one (IMHO) can easily be expanded why that is so: 1. All of IPv6 traffic should be protected, including link-local (e.g., Neighbor Discovery) and multicast traffic. 2. In router-to-router tunnels, the source and destination addresses of the traffic could come from a wide range of prefixes that are normally learned through routing. As routing can always learn a new prefix, there is no way to know all the prefixes a priori [RFC3884]. 3. Source address selection depends on the notions of routes and interfaces. This affects scenarios (2) and (3). 1) is required so that every form of traffic that is supported by RFC4213 IPv6-in-IPv4 tunnels is supported. A more general explanation is mentioned in 2nd paragraph of Section 6 (in effect, "we want link local, e.g., routing protocols, multicast, etc.") but it doesn't mention why we want them (explanation above). On the other hand Appendix A describes the tunnel mode setup if this is not felt to be a requirement and Tunnel mode is felt better in the particular scenario. As for 3), I'm not 100% sure what point it wants to convey and how it's relevant here (does that refer to a multihomed endpoint with multiple addresses?) Mohan? Pekka _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen-ART review of draft-ietf-v6ops-ipse… Black_David
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Fred Baker
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Pekka Savola
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Mohan Parthasarathy
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Mohan Parthasarathy
- [Gen-art] RE: Gen-ART review of draft-ietf-v6ops-… Black_David
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Fred Baker
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Mohan Parthasarathy
- [Gen-art] RE: Gen-ART review of draft-ietf-v6ops-… Black_David
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Pekka Savola
- [Gen-art] Re: Gen-ART review of draft-ietf-v6ops-… Mohan Parthasarathy
- RE: [Gen-art] Re: Gen-ART review ofdraft-ietf-v6o… Black_David