Re: [IPsec] Relating the two ESP-null documents

From: Tero Kivinen <kivinen_at_nospam>
Date: Thu Sep 03 2009 - 11:50:47 GMT
To: Paul Hoffman <paul.hoffman@vpnc.org>

Paul Hoffman writes:
> At 3:50 PM +0300 8/24/09, Tero Kivinen wrote:
> >So would this text be added to both documents or what?
>
> It should go in both. That way, an implementer a year from now who
> comes across one of the RFCs will both find out about the other and
> be clear on the relationship.
>
> >If so where
> >(between section 2 and 3 in esp-null-heuristics and after or replacing
> >section 1.2 of traffic-visibility draft)?
>
> My preference for esp-null-heuristics is that this applicability
> statement be section 1.1, and that what is now section 2 (the 2119
> language) become section 1.2.

Posted new version of the draft now to the repository.

Changes are:

Added applicability statement
Processed comments from Yaron
- Added comment about UDP-encapsulated ESP and IPsec flows to new section 7.
- Fixed typos
- Added text to security considerations section that attacker can bypass inspection by other encapsulation methods too.
Processed comments from David McGrew
- Added text about IV not necessarely being random
- Added text about minimal padding
Removed the "XXX TBA -- including possible chunk-specific checking" from SCTP section (if someone will provide me text about that I will add it).
Added some more comments to the pseudocode -- kivinen@iki.fi
IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec

This message: [ Message body ]
Next message: Kalyani Garigipati (kagarigi): "[IPsec] Ikev2 HA message Id Issue"
Previous message: Internet-Drafts_at_nospam: "[IPsec] I-D Action:draft-ietf-ipsecme-esp-null-heuristics-01.txt"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]