[IPsec] Erik Kline's No Objection on draft-ietf-ipsecme-rfc8229bis-07: (with COMMENT)

Erik Kline via Datatracker <noreply@ietf.org> Mon, 08 August 2022 02:21 UTC

From: Erik Kline via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-ipsecme-rfc8229bis@ietf.org, ipsecme-chairs@ietf.org, ipsec@ietf.org, kivinen@iki.fi, kivinen@iki.fi
Reply-To: Erik Kline <ek.ietf@gmail.com>
Message-ID: <165992530032.50082.893551821473376870@ietfa.amsl.com>
Date: Sun, 07 Aug 2022 19:21:40 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/U_5AvmePW8dLVQUDk4CPlFQrNv8>
Subject: [IPsec] Erik Kline's No Objection on draft-ietf-ipsecme-rfc8229bis-07: (with COMMENT)

Erik Kline has entered the following ballot position for
draft-ietf-ipsecme-rfc8229bis-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-rfc8229bis/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# Internet AD comments for {draft-ietf-ipsecme-rfc8229bis-07}
CC @ekline

## Comments

### S1.1

* In "Cellular Network Access", is there a particular TS number to reference
  for this claim about preferring TLS for IWLAN setup?

### S2

* "Implementations MUST support TCP encapsulation on TCP port 4500":

  which implementations, exactly?  Only TCP-supporting implementations, or
  all IKE/IPsec implementations?

### S6.1,6.3+,7.1,7.3,B.1,B.3,B.4

* Can the "IKETCP" be sent in a 7413 Fast Open (say, when reconnecting)?

  Can other IKE initiating messages be included with the SYN?

  Alternatively: are there concerns with use of Fast Open such that it should
  be forbidden?  I don't see any mention of Fast Open anywhere in this doc,
  and I kinda think /something/ should maybe be said, but IANATP... (I am not
  a transport person)

### App. A

* Is there an ALPN that is typically used with TLS?

## Nits

### S3.1

* "MUST close TCP connection" -> "MUST close the TCP connection"

### S6.4

* "after receiving error notification" ->
  "after receiving an error notification"?

### S6.7

* "stack manages DF bit" -> "stack manages the DF bit"

### S9.1

* "between all flows" -> "among all flows", perhaps

### S10

* "Note, that attacker capable to modify" ->
  "Note that an attacker able to modify"

### Acknowledgements

* It seems a bit weird for an Author to Acknowledge himself (Tommy Pauly),
  but oh well  ;-)

  :-)