[IPsec] Gen-ART review of draft-ietf-ipsecme-roadmap-08

<david.black@emc.com> Mon, 12 July 2010 02:56 UTC

Date: Sun, 11 Jul 2010 22:56:37 -0400
Message-ID: <C2D311A6F086424F99E385949ECFEBCB03189077@CORPUSMX80B.corp.emc.com>
From: david.black@emc.com
To: gen-art@ietf.org, sheila.frankel@nist.gov, suresh.krishnan@ericsson.com
Cc: ipsec@ietf.org, turners@ieca.com, paul.hoffman@vpnc.org, david.black@emc.com, yaronf@checkpoint.com
Subject: [IPsec] Gen-ART review of draft-ietf-ipsecme-roadmap-08

I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq.

Please resolve these comments along with any other comments you may receive.

Summary:
This draft is on the right track, but has open issues, described in the review.

This is a very useful summary of all of the RFCs (and some in-progress Internet-Drafts) that specify or are related to IPsec.  It will be very useful to those new to IPsec, as it describes the organization of the RFCs and relationships among them. 

I found one open issue - Sections 5.4.1 and 5.4.2 mis-state the applicability of combined mode algorithms to IPsec-v2.  All of the other comments in this review are minor.

Section 2.2 lists the RFC # range for IPsec-v1.  Please also list the RFC # ranges for IPsec-v2 and IPsec-v3.

** Sections 5.4.1 and 5.4.2 both contain a NOTE stating that combined mode algorithms are "not a feature of IPsec-v2" and hence list them as N/A.  That's not correct.  The correct situation is:
- Combined mode algorithms for ESP can be negotiated as encryption
  algorithms (the integrity protection algorithm would typically
  be omitted in proposals that do this).
- Combined mode algorithms cannot be used with IKEv1, as they're
  incompatible with its design (see the Introduction section of
  RFC 5282 for a more detailed explanation).
Hence the N/A entries for IKEv1 are correct, but both AES-CCM and AES-GCM should be "optional" for ESPv2 (and the NOTE should be revised accordingly).

Section 5.4.3 - RFC 5282 is based on a combined mode framework in RFC 5116.

Section 8.4.1 appears to apply to IPsec-v2 only, and not IPsec-v3.  If that is correct, it should be stated.

Section 8.8.1 also appears to be IPsec-v2 only, and in addition to stating that, it should comment that this was not widely adopted and that NAT traversal is the commonly used mechanism for dealing with NATs.

In Section 9.2.1, "Fibre Channel/SCSI" --> "Fibre Channel".  If you want to cite the RFCs involved, IP over FC is RFC 4338 and FC over IP is RFC 3821.

idnits 2.12.04 found some minor nits:

  ** There are 4 instances of too long lines in the document, the longest one
     being 3 characters in excess of 72.

Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
david.black@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------
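The review's central point is that a combined mode (AEAD) algorithm such as AES-GCM supplies both confidentiality and integrity for ESP, so an SA proposal using it carries no separate integrity algorithm. The following Go program is an added illustration of that property and is not code from the review, the roadmap draft, or any IPsec implementation. It follows the AES-GCM-in-ESP layout of RFC 4106 (12-byte nonce = 4-byte salt from the key material plus an 8-byte per-packet IV carried in the packet; the ESP header of SPI and 32-bit sequence number is the additional authenticated data, without ESN) and shows that the single GCM tag, not a separately negotiated integrity algorithm, is what rejects a modified header or payload. The key, salt, SPI, IV and payload are constructed sample values, and the `espGCM` type, `Seal`, `Open` and `demo` names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// espGCM wraps AES-GCM with the RFC 4106 nonce/AAD conventions for ESP.
// One AEAD key provides both encryption and the ICV; no separate integrity
// transform is needed, which is why such proposals omit one.
type espGCM struct {
	aead cipher.AEAD
	salt [4]byte // from the SA key material (RFC 4106: last 4 bytes of KEYMAT)
}

func newESPGCM(key []byte, salt [4]byte) (*espGCM, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // 12-byte nonce, 16-byte ICV
	if err != nil {
		return nil, err
	}
	return &espGCM{aead: aead, salt: salt}, nil
}

// espHeader builds the 8-byte ESP header (SPI, sequence number) that is
// authenticated but not encrypted, i.e. the AEAD associated data.
func espHeader(spi, seq uint32) []byte {
	h := make([]byte, 8)
	binary.BigEndian.PutUint32(h[0:4], spi)
	binary.BigEndian.PutUint32(h[4:8], seq)
	return h
}

func (e *espGCM) nonce(iv []byte) []byte {
	n := make([]byte, 0, 12)
	n = append(n, e.salt[:]...)
	return append(n, iv...)
}

// Seal produces an ESP-style packet: header || IV || ciphertext || ICV.
// The caller must never reuse an IV under the same key.
func (e *espGCM) Seal(spi, seq uint32, iv [8]byte, plaintext []byte) []byte {
	hdr := espHeader(spi, seq)
	pkt := make([]byte, 0, 16+len(plaintext)+e.aead.Overhead())
	pkt = append(pkt, hdr...)
	pkt = append(pkt, iv[:]...)
	return e.aead.Seal(pkt, e.nonce(iv[:]), plaintext, hdr)
}

// Open verifies the ICV over header and ciphertext and decrypts. Any change
// to the SPI, sequence number, IV, ciphertext or ICV makes it fail.
func (e *espGCM) Open(pkt []byte) (spi, seq uint32, plaintext []byte, err error) {
	if len(pkt) < 16+e.aead.Overhead() {
		return 0, 0, nil, errors.New("esp: packet too short")
	}
	hdr, iv := pkt[:8], pkt[8:16]
	plaintext, err = e.aead.Open(nil, e.nonce(iv), pkt[16:], hdr)
	if err != nil {
		return 0, 0, nil, err
	}
	return binary.BigEndian.Uint32(hdr[0:4]), binary.BigEndian.Uint32(hdr[4:8]), plaintext, nil
}

// demo runs a round trip and two tamper checks with constructed sample data.
// It returns whether the round trip succeeded, whether a modified sequence
// number was rejected, and whether a modified ciphertext byte was rejected.
func demo() (roundTrip, headerTamperRejected, bodyTamperRejected bool) {
	key := []byte("0123456789abcdef") // constructed 128-bit key, NOT for real use
	salt := [4]byte{0xde, 0xad, 0xbe, 0xef}
	e, err := newESPGCM(key, salt)
	if err != nil {
		return false, false, false
	}
	payload := []byte("constructed inner IP datagram")
	iv := [8]byte{0, 0, 0, 0, 0, 0, 0, 1}
	pkt := e.Seal(0x01020304, 7, iv, payload)

	_, seq, got, err := e.Open(pkt)
	roundTrip = err == nil && seq == 7 && string(got) == string(payload)

	bad := append([]byte(nil), pkt...)
	bad[7] ^= 0x01 // flip a bit in the sequence number (AAD only)
	_, _, _, err = e.Open(bad)
	headerTamperRejected = err != nil

	bad = append([]byte(nil), pkt...)
	bad[20] ^= 0x01 // flip a bit in the ciphertext
	_, _, _, err = e.Open(bad)
	bodyTamperRejected = err != nil
	return
}

func main() {
	rt, h, b := demo()
	fmt.Printf("round trip ok=%v, header tamper rejected=%v, body tamper rejected=%v\n", rt, h, b)
}
```

The packet carries one 16-byte ICV computed by GCM over both the header and the ciphertext, so the integrity-algorithm slot the reviewer says should be omitted from such proposals is genuinely redundant rather than merely unused.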