Comments on draft-metzger-ah-01.txt
David Waitzman <djw@bbn.com> Sun, 19 March 1995 19:58 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa02778; 19 Mar 95 14:58 EST
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa02774; 19 Mar 95 14:58 EST
Received: from interlock.ans.net by CNRI.Reston.VA.US id aa08763; 19 Mar 95 14:58 EST
Received: by interlock.ans.net id AA05886 (InterLock SMTP Gateway 3.0 for ipsec-out@ans.net); Sun, 19 Mar 1995 14:53:41 -0500
Message-Id: <199503191953.AA05886@interlock.ans.net>
Received: by interlock.ans.net (Protected-side Proxy Mail Agent-1); Sun, 19 Mar 1995 14:53:41 -0500
To: ipsec@ans.net
Subject: Comments on draft-metzger-ah-01.txt
Date: Sun, 19 Mar 1995 14:44:14 -0500
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: David Waitzman <djw@bbn.com>
Section 2.1 second to last paragraph of Authentication Data: It says "filled with unspecified implementation dependent (random) values". The word "random" is perhaps dangerous here, since you (I presume) don't mean cryptographicly random. I suggest removing it. Section 3.1 third paragraph: Could you clarify which IP options are calculated in the calculation? IP LSRR, timestamp, etc. options are modified in transit so should not be in it. Section 3.1 last paragraph: Must the ICMP data containing part of the offending IP datagram have unmodified (e.g. pre-zeroing) values for those fields zeroed in the crypto-checksum calculation? This would require making a copy of the original datagram or at least of the fields that will be zeroed, just in case the datagram is rejected but may provide better error information. I suspect that you want the faster behavior (e.g. no copying). -david waitzman (please send responses directly to me as I'm not on the ipsec list)
- Comments on draft-metzger-ah-01.txt David Waitzman
- Re: Comments on draft-metzger-ah-01.txt William Allen Simpson
- Re: Comments on draft-metzger-ah-01.txt David Waitzman