draft-ietf-ospf-ospfv3-auth-04.txt

[Vishwas Manral <Vishwas@SINETT.COM>]

Hi,

I just did a quick read of the draft, and had some comments: -

1. I am not sure we should have a statement which says OSPFv3 is only for IPv6.
"As OSPFv2 is only for IPv4 and OSPFv3 is only for IPv6, the distinction between the packets can be easily made by IP version. "
2. I think the value of next header field in the ESP header to indicate OSPFv3 should be specified, though it may seem a trivial question.
3. ESP already states that "integrity-only (MUST be supported)" do we really need to put down "ESP with NULL encryption MUST be supported in transport mode".
4. I think we may want to state that Authentication service must always be supported whenever we do encryption. Our primary aim is to have data integrity right(anyway encryption only service is a MAY for ESP)?
5. OSPF packets received in clear text or with incorrect AH Integrity Check Value (ICV) MUST be dropped when authentication is enabled. 
Do we mean only AH/ICV or do we need ESP ICV too? Besides do we need to state about combined mode algorithms like AES-CCM where ICV may not checked even when authentication is done.
6. SA Granularity and Selectors section - I think you are referring to parallel links we may want to state that too.
7. Changing Keys may also be required in case of sequence number rollover.
8. Would we want to refer to the newer drafts for ESP/AH drafts rather then the old RFC's itself?
Thanks,
Vishwas