Re: [Gen-art] Review: draft-ietf-bmwg-ipsec-term-12
"Joel M. Halpern" <jmh@joelhalpern.com> Fri, 16 October 2009 21:56 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: gen-art@core3.amsl.com
Delivered-To: gen-art@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 50D253A693C for <gen-art@core3.amsl.com>; Fri, 16 Oct 2009 14:56:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.48
X-Spam-Level:
X-Spam-Status: No, score=-2.48 tagged_above=-999 required=5 tests=[AWL=0.119, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r-pWxnrS-SLq for <gen-art@core3.amsl.com>; Fri, 16 Oct 2009 14:56:58 -0700 (PDT)
Received: from hgblob.mail.tigertech.net (hgblob.mail.tigertech.net [64.62.209.71]) by core3.amsl.com (Postfix) with ESMTP id 3A1D23A6912 for <gen-art@ietf.org>; Fri, 16 Oct 2009 14:56:58 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hgblob.tigertech.net (Postfix) with ESMTP id E8CF632317AB; Fri, 16 Oct 2009 14:57:02 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at hgblob.tigertech.net
Received: from [10.10.10.101] (pool-71-161-50-68.clppva.btas.verizon.net [71.161.50.68]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by hgblob.tigertech.net (Postfix) with ESMTP id AA9D432317A9; Fri, 16 Oct 2009 14:57:01 -0700 (PDT)
Message-ID: <4AD8EC2D.4040503@joelhalpern.com>
Date: Fri, 16 Oct 2009 17:57:01 -0400
From: "Joel M. Halpern" <jmh@joelhalpern.com>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: General Area Review Team <gen-art@ietf.org>, acmorton@att.com
References: <1ECE0EB50388174790F9694F77522CCF208E1A91@zrc2hxm0.corp.nortel.com>
In-Reply-To: <1ECE0EB50388174790F9694F77522CCF208E1A91@zrc2hxm0.corp.nortel.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Ron Bonica <rbonica@juniper.net>, draft-ietf-bmwg-ipsec-term@tools.ietf.org
Subject: Re: [Gen-art] Review: draft-ietf-bmwg-ipsec-term-12
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Oct 2009 21:56:59 -0000
I have been selected as the General Area Review Team (Gen-ART) reviewer for this draft (for background on Gen-ART, please see http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html ). Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-ietf-bmwg-ipsec-term-12 Terminology for Benchmarking IPsec Devices Reviewer: Joel M. Halpern Review Date: 16-Oct-2009 IESG Telechat date: 22 Oct 2009 Summary: This document is almost ready for publication as an Informational RFC. Major issues: - Minor issues: In section 3.1.1, where Security Association is information defined the text reads "An SA is a relationship between two or more entities ..." But, section 7.4 which formally defines "Security Association" it says "It is a negotation agreement between two IPsec devices ..." Is it always two (in which case why the "or more" in section 3.1.1), or can there be more? And is it always a "negotiation agreement"? (The earlier text talked about manual provisioning of SAs.) In section 10.2 on throughput, the throughput measurement is defined in terms of packets per second. This is probably the dominant factor. However, some implementations may well be limited by cryptographic block processing, and therefore have different packet processing performance for different ranges of packet sizes. Section 10.2 should say something about the assumptions or requirements relative to packet size. I think this is important enough that it should not be assumed that readers will understand this from the reference to RFC 1242. Nits/editorial comments: The document is missing the IANA considerations placeholder. There seem to be a number of references that are missing. (while idnits catches these, it requires care as if also catches some non-errors. RFC1962 is an example of the problem.) The "Issue" in section 7.5 looks like a reasonable issue, but it appears to have nothing to do with selectors, the subject of 7.5. The definitions in section 7.7.3 and 7.7.4 define the terms "Established Tunnel" and "Active Tunnel" and defines them as "An IPsec device ...". The other tunnel definitions are in terms of the association. It is quite jarring to see a device referred to as a tunnel. Are these terms supposed to be Tunnel Endpoints? The definition of 7.10.1 describes the properties of AH, but does not actually say what it is. Instead of starting "Provides", it probably should start something like "A protocol header which provides". A similar comment applies to 7.10.2 on ESP.
- [Gen-art] Assignments for Oct 22nd, 2009 Telechat Mary Barnes
- Re: [Gen-art] Review: draft-ietf-bmwg-ipsec-term-… Joel M. Halpern
- Re: [Gen-art] Assignments for Oct 22nd, 2009 Tele… Mary Barnes