Re: [IPsec] WG last call: draft-ietf-ipsecme-esp-null-heuristics-01
Scott C Moonen <smoonen@us.ibm.com> Mon, 21 September 2009 20:00 UTC
Here are my comments:

- Is Section 1.2 necessary? None of these terms are used in this fashion in this document.
- page 8, "sees an new" => "sees a new"
- page 8, "in the Section 8" => "in Section 8"
- page 12, excessive space in "i.e. UDP encapsulated"; perhaps replace with comma.
- page 16, "with a new SA which needs heuristics" => "produces a new SA which needs heuristics and will benefit from the existing flows".
- page 21, "things what needs" => "things that need"
- page 21, suggest "optimize things" => "optimize steps", just to reduce repetition
- page 21, "For example implementation" => "For example, implementations"
- page 25, I believe that DES-MAC has a 64-bit ICV (FIPS 113) and KPDK has a 128-bit ICV (RFC 1828).
- page 30, for tunnel mode checks it might be worth just mentioning that tunnel mode is inferred by protocol 4 for IPv4 and protocol 41 for IPv6.

At a high level the pseudocode seems ok to me, although there is a lot of mutual interaction between these functions due to the global state, so it can certainly benefit from as much scrutiny as possible.

Overall I approve of this document.

Scott Moonen (smoonen@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://scott.andstuff.org/
http://www.linkedin.com/in/smoonen

From: Yaron Sheffer <yaronf@checkpoint.com>
To: "ipsec@ietf.org" <ipsec@ietf.org>
Date: 09/17/2009 04:28 PM
Subject: [IPsec] WG last call: draft-ietf-ipsecme-esp-null-heuristics-01

This is to begin a 2 week working group last call for draft-ietf-ipsecme-esp-null-heuristics-01. The target status for this document is Informational.

Please send your comments to the ipsec list by Oct. 1, 2009, as follow-ups to this message.

Note that this document has had very little review until now. We will only progress it as a WG document if we have at least 3 non-editor, non-WG chair reviewers who have read it and approve of it. And yes, this means the pseudocode, too.

There has been strong support of ESP-null detection, so this document is likely to be widely implemented. Your review will mean a lot to the technical quality of this document.

Please clearly indicate the position of any issue in the Internet Draft, and if possible provide alternative text. Please also indicate the nature or severity of the error or correction, e.g. major technical, minor technical, nit, so that we can quickly judge the extent of problems with the document.

The document can be accessed here: http://tools.ietf.org/html/draft-ietf-ipsecme-esp-null-heuristics-01

Thanks,
Yaron

Email secured by Check Point
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec