Re: [IPsec] WG last call: draft-ietf-ipsecme-esp-null-heuristics-01

Tero Kivinen <kivinen@iki.fi> Tue, 22 September 2009 10:51 UTC

Message-ID: <19128.43815.988530.380031@fireball.kivinen.iki.fi>
Date: Tue, 22 Sep 2009 13:47:03 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Scott C Moonen <smoonen@us.ibm.com>
In-Reply-To: <OFA6B9384B.FC24BEF7-ON85257638.0060BAF7-85257638.006DFB7F@us.ibm.com>
References: <7F9A6D26EB51614FBF9F81C0DA4CFEC80190AD328329@il-ex01.ad.checkpoint.com> <OFA6B9384B.FC24BEF7-ON85257638.0060BAF7-85257638.006DFB7F@us.ibm.com>
X-Mailer: VM 7.19 under Emacs 21.4.1
X-Edit-Time: 17 min
X-Total-Time: 86 min
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, ipsec-bounces@ietf.org
Subject: Re: [IPsec] WG last call: draft-ietf-ipsecme-esp-null-heuristics-01

Scott C Moonen writes:
> - Is Section 1.2 necessary?  None of these terms are used in this fashion 
> in this document.

True. Removed. 

> - page 8, "sees an new" => "sees a new"
> - page 8, "in the Section 8" => "in Section 8"

Fixed.

> - page 12, excessive space in "i.e.  UDP encapsulated"; perhaps replace 
> with comma.

xml2rfc seems to want to put it there, but that is something that can
be fixed in the final RFC editing phase.

> - page 16, "with a new SA which needs heuristics" => "produces a new SA 
> which needs heuristics and will benefit from the existing flows".

Fixed.

> - page 21, "things what needs" => "things that need"
> - page 21, suggest "optimize things" => "optimize steps", just to reduce 
> repetition
> - page 21, "For example implementation" => "For example, implementations"

Fixed.

> - page 25, I believe that DES-MAC has a 64-bit ICV (FIPS 113) and KPDK has 
> a 128-bit ICV (RFC 1828).

RFC4306 does not give a reference for AUTH_DES_MAC, and the AUTH_KPDK_MD5
reference is to RFC1826, which does not define it. I do not want to put
those there as both of them are actually quite insecure and should not
be used anyway.

Changed to:

     // AUTH_DES_MAC and AUTH_KPDK_MD5 are left out from
     // this document.

> - page 30, for tunnel mode checks it might be worth just mentioning that 
> tunnel mode is inferred by protocol 4 for IPv4 and protocol 41 for IPv6.

Changed it to be:

     // Tunnel mode checks (protocol 4 for IPv4 and protocol 41 for
     // IPv6) are also left out from here to make the document shorter.
-- 
kivinen@iki.fi
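The two technical points in the message above (which ICV lengths the heuristics have to try, and that tunnel mode is recognised by a next-header value of 4 or 41 in the ESP trailer) can be shown in a small ESP-NULL trailer check. This is an added example, not code from the draft or from the people in this thread. The candidate ICV lengths, the set of next-header values it accepts, the placeholder all-zero ICV and both sample packets are assumptions constructed for the example; a real implementation would also check the inner headers and keep per-flow state, which is not shown here.

```python
import struct

ESP_HEADER_LEN = 8  # SPI (4 bytes) + sequence number (4 bytes), RFC 4303

# Assumption: candidate ICV lengths in bytes for the integrity algorithms a
# NULL-encryption SA is likely to use (96-bit truncated HMAC/XCBC/CMAC and the
# 128/192/256-bit SHA-2 HMACs). AUTH_DES_MAC and AUTH_KPDK_MD5 are omitted,
# as in the draft.
ICV_LENGTHS = (12, 16, 24, 32)

# Assumption: next-header values this demo accepts after the ESP trailer.
# 4 and 41 mean tunnel mode (IPv4 / IPv6 inside ESP); 6, 17, 58 are the usual
# transport-mode payloads; 59 marks an RFC 4303 dummy packet.
KNOWN_NEXT_HEADERS = {4, 6, 17, 41, 58, 59}


def trailer_is_plausible(pad: bytes, pad_len: int, next_hdr: int) -> bool:
    """Check the self-describing ESP trailer that a given ICV length implies."""
    if len(pad) != pad_len:
        return False
    # RFC 4303 default padding is the byte sequence 1, 2, 3, ...
    if any(b != i + 1 for i, b in enumerate(pad)):
        return False
    return next_hdr in KNOWN_NEXT_HEADERS


def classify_esp_null(packet: bytes) -> list:
    """Return (icv_len, mode, next_header) for every ICV length that parses cleanly.

    An empty list means the packet does not look like ESP-NULL for any
    candidate ICV length; more than one entry means the heuristic is
    ambiguous and a real implementation would need more context (flow
    history, inner-header checks) to decide.
    """
    results = []
    for icv_len in ICV_LENGTHS:
        if len(packet) < ESP_HEADER_LEN + 2 + icv_len:
            continue
        body = packet[ESP_HEADER_LEN:len(packet) - icv_len]
        pad_len, next_hdr = body[-2], body[-1]
        if pad_len > len(body) - 2:
            continue
        payload_end = len(body) - 2 - pad_len
        payload, pad = body[:payload_end], body[payload_end:len(body) - 2]
        if not trailer_is_plausible(pad, pad_len, next_hdr):
            continue
        if next_hdr == 4:
            # Tunnel mode: the inner packet must start with an IPv4 version nibble
            if not payload or payload[0] >> 4 != 4:
                continue
            mode = "tunnel-ipv4"
        elif next_hdr == 41:
            # Tunnel mode: the inner packet must start with an IPv6 version nibble
            if not payload or payload[0] >> 4 != 6:
                continue
            mode = "tunnel-ipv6"
        else:
            mode = "transport"
        results.append((icv_len, mode, next_hdr))
    return results


def build_esp_null(spi: int, seq: int, payload: bytes, next_hdr: int,
                   icv_len: int, align: int = 4) -> bytes:
    """Build an ESP-NULL packet with RFC 4303 default padding and a placeholder ICV."""
    pad_len = (-(len(payload) + 2)) % align
    pad = bytes(range(1, pad_len + 1))
    icv = b"\x00" * icv_len  # assumption: placeholder, not a computed MAC
    return (struct.pack("!II", spi, seq) + payload + pad
            + bytes([pad_len, next_hdr]) + icv)


# Constructed sample packets (not captured traffic).
INNER_IPV4 = bytes([0x45, 0x00, 0x00, 0x1c]) + bytes(16) + b"ESP-NULL"
SAMPLE_TUNNEL = build_esp_null(0x1000, 1, INNER_IPV4, next_hdr=4, icv_len=12)
SAMPLE_TRANSPORT = build_esp_null(0x2000, 7, b"\x00\x35\x00\x35\x00\x08\x00\x00",
                                  next_hdr=17, icv_len=16)

if __name__ == "__main__":
    for name, pkt in (("tunnel", SAMPLE_TUNNEL), ("transport", SAMPLE_TRANSPORT)):
        print(name, classify_esp_null(pkt))
```

The design choice worth noting is that the trailer check is done per candidate ICV length, so a wrong ICV guess shows up as nonsense padding or an unknown next header rather than being silently accepted; with SAMPLE_TUNNEL only the 12-byte ICV survives and the packet is reported as tunnel mode because the next header is 4.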