[IPsec] Comments to draft-ietf-ipsecme-eap-mutual-02.txt

Tero Kivinen <kivinen@iki.fi> Tue, 18 May 2010 12:59 UTC


I read this document and it seems to be mostly ok.

I might disagree with some parts of the section 1 text talking about
why EAP is needed (I think the main reason was to support legacy
systems. Public keys are flexible enough to meet the requirements of
many deployment scenarios unless your requirement includes "must
support old legacy infrastructure"), but I do not think there is a
need to change the text there.

Section 3 should add text telling what protocol ID is used for the
notification, just like most of the other extensions do: "Protocol ID
and the SPI Size fields MUST both be sent as 0.", i.e. change:

   The SPI size field is set to zero, and there is no additional data
   associated with this notification.

to

   The protocol ID and SPI size fields are set to zero, and there is no
   additional data associated with this notification.
-- 
kivinen@iki.fi
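As an added illustration of the rule the mail asks section 3 to state (not code from the draft or the list), here is a small encoder/decoder for the IKEv2 Notify payload that flags a received EAP-only notification whose Protocol ID or SPI Size is non-zero or which carries data. The payload layout follows RFC 5996 section 3.10; the Notify Message Type number 16417 is assumed from the later published RFC 5998, since the mail itself gives no number.

```python
import struct

# Generic payload header (Next Payload, C+Reserved, Payload Length) followed
# by the Notify-specific fixed fields (Protocol ID, SPI Size, Notify Message
# Type), all network byte order, as laid out in RFC 5996 section 3.10.
NOTIFY_HDR = struct.Struct("!BBHBBH")

# Assumption: IANA value for EAP_ONLY_AUTHENTICATION as published in RFC 5998;
# the draft text quoted in the mail does not state the number.
EAP_ONLY_AUTHENTICATION = 16417


def build_notify(notify_type, protocol_id=0, spi=b"", data=b"", next_payload=0):
    """Encode one IKEv2 Notify payload; Payload Length covers the whole payload."""
    length = NOTIFY_HDR.size + len(spi) + len(data)
    hdr = NOTIFY_HDR.pack(next_payload, 0, length, protocol_id, len(spi), notify_type)
    return hdr + spi + data


def parse_notify(buf):
    """Decode the Notify payload at the start of buf into its fields."""
    if len(buf) < NOTIFY_HDR.size:
        raise ValueError("truncated Notify payload")
    next_payload, _, length, protocol_id, spi_size, ntype = NOTIFY_HDR.unpack_from(buf)
    if length < NOTIFY_HDR.size + spi_size or length > len(buf):
        raise ValueError("Payload Length inconsistent with SPI Size or buffer")
    spi_end = NOTIFY_HDR.size + spi_size
    return {
        "next_payload": next_payload,
        "protocol_id": protocol_id,
        "spi_size": spi_size,
        "notify_type": ntype,
        "spi": buf[NOTIFY_HDR.size:spi_end],
        "data": buf[spi_end:length],
    }


def check_eap_only_notify(fields):
    """Return the deviations from the rule the mail asks section 3 to state:
    Protocol ID and SPI Size both zero and no notification data."""
    problems = []
    if fields["notify_type"] != EAP_ONLY_AUTHENTICATION:
        problems.append("unexpected Notify Message Type %d" % fields["notify_type"])
    if fields["protocol_id"] != 0:
        problems.append("Protocol ID must be 0, got %d" % fields["protocol_id"])
    if fields["spi_size"] != 0:
        problems.append("SPI Size must be 0, got %d" % fields["spi_size"])
    if fields["data"]:
        problems.append("unexpected %d bytes of notification data" % len(fields["data"]))
    return problems
```

A conforming payload is exactly eight bytes, and a receiver that logs the returned problems instead of silently accepting the payload gets an early signal of a peer that encodes the notification differently.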