[IPsec] AD review of draft-ietf-ipsecme-ad-vpn-problem

Sean Turner <turners@ieca.com> Wed, 09 January 2013 14:17 UTC

To: draft-ietf-ipsecme-ad-vpn-problem@tools.ietf.org
Cc: ipsec@ietf.org

These are pretty much just nits.  Please address Tero's comments as well.

1. We charter WGs and I'm going to go with the thought that it will 
succeed ;)

a: r/is chartered to/will

2. s1.1: Hub definition.

Verb choice:

r/there is no devices/there are no devices

3. s1.1: Spoke definition:

Extra the:

r/in the a star/in a star

Need some ses:

r/it encrypt data coming from cleartext device
  /it encrypts data coming from cleartext devices

4. s2: Use administrative domain in s1 but organization here.  Is 
consistency needed?

Not sure what you'd think about this, but what do you think about not 
using lowercase 2119 words in any of the s2 subsections?  Reviewers 
should be able to piece together that this is the use case section and 
not the requirements section and therefore there shouldn't be any 2119 
language here - but they don't always.  To be clear, I'm not hard over 
on this.

r/must use/need
r/must/need to
r/should/ought to

5. s2.1:

Can you remove direct from "direct, point-to-point"?  Isn't direct in 
the definition?

Shouldn't "hub and spoke topology" be "star topology"?  "hub and spoke 
topology" isn't defined in s1.1.

I think you might need an "a" to match the previous sentence:

r/Such use case/Such a use case ?

r/expose them/expose themselves

6. s2.2:

An extra the:

r/for the voice and other/for voice and other

Nit picking here but I think this is clearer:

r/endpoints are administrated by separate management domains
  /endpoints are in different administrative domains

Please expand: L3VPNs and GRE.

7. s4.1:

r/firewall, NAT box/firewalls, NAT boxes

8. Req 10 + 11: Is the requirement driver under 11 for both 10 and 11? 
If so then it should be "These requirements".  If you're going to do 
this couldn't you just group 10-14 as they're the same driver for all 5? 
Or, is the driver under 10 missing?

9. s5: To match the title:

r/Problem state and requirement/problem statement and requirements

10. General: Sometimes it's ADVPN and other times it's AD VPN.

11. Allied and federated environments should be defined in the 
terminology section or at least introduced earlier in the draft.