comment on draft-ietf-ipsec-udp-encaps-07.txt

chris stillson <stillson@cardholder.eng.sun.com> Thu, 15 January 2004 23:52 UTC

From: chris stillson <stillson@cardholder.eng.sun.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <16391.2371.833481.654023@gargle.gargle.HOWL>
Date: Thu, 15 Jan 2004 13:42:27 -0800
To: ipsec@lists.tislabs.com
Subject: comment on draft-ietf-ipsec-udp-encaps-07.txt
Reply-To: chris.stillson@sun.com
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Content-Transfer-Encoding: 7bit

According to the udp encapsulation draft, 

2. Packet Formats

2.1  UDP-encapsulated ESP Header Format
....
The UDP header is a standard [RFC 768] header, where
- Source Port and Destination Port MUST be the same as used by
   IKE traffic.

But, one of the ports must be 4500 on the wire. And the destination
port seen by any implementation must be 4500. There seems to be some
implication that encapsulation could happen over port 500. I think the 
language should be tightened to that this only happens over port 4500
(and an ephemeral port in some cases). I think this could lead to
possible interoperability problems otherwise.


chris stillson
IPSEC crypto monkey
x82477

Note: Preceding comments written by an engineer. There is nothing
to read into them. He really has no hidden motives or agendas.

1.Right Understanding 2.Right Thoughts 3.Right Speech 4.Right Action 
5.Right Livelihood 6.Right Effort 7.Right Mindfulness 8.Right Concentration 
--Please inform author if he has forgotten about any of these

comment on draft-ietf-ipsec-udp-encaps-07.txt chris stillson