ipsec September 2009 archive

Re: [IPsec] WG last call: draft-ietf-ipsecme-esp-null-heuristics-01

From: Scott C Moonen <smoonen_at_nospam>
Date: Mon Sep 21 2009 - 20:01:18 GMT
To: Yaron Sheffer <yaronf@checkpoint.com>

Here are my comments:

  • Is Section 1.2 necessary? None of these terms are used in this fashion in this document.
  • page 8, "sees an new" => "sees a new"
  • page 8, "in the Section 8" => "in Section 8"
  • page 12, excessive space in "i.e. UDP encapsulated"; perhaps replace with comma.
  • page 16, "with a new SA which needs heuristics" => "produces a new SA which needs heuristics and will benefit from the existing flows".
  • page 21, "things what needs" => "things that need"
  • page 21, suggest "optimize things" => "optimize steps", just to reduce repetition
  • page 21, "For example implementation" => "For example, implementations"
  • page 25, I believe that DES-MAC has a 64-bit ICV (FIPS 113) and KPDK has a 128-bit ICV (RFC 1828).
  • page 30, for tunnel mode checks it might be worth just mentioning that tunnel mode is inferred by protocol 4 for IPv4 and protocol 41 for IPv6.

At a high level the pseudocode seems ok to me, although there is a lot of mutual interaction between these functions due to the global state, so it can certainly benefit from as much scrutiny as possible.

Overall I approve of this document.

Scott Moonen (smoonen@us.ibm.com)
z/OS Communications Server TCP/IP Development http://scott.andstuff.org/

Yaron Sheffer <yaronf@checkpoint.com>
"ipsec@ietf.org" <ipsec@ietf.org>
09/17/2009 04:28 PM
[IPsec] WG last call: draft-ietf-ipsecme-esp-null-heuristics-01

This is to begin a 2 week working group last call for draft-ietf-ipsecme-esp-null-heuristics-01. The target status for this document is Informational.

Please send your comments to the ipsec list by Oct. 1, 2009, as follow-ups to this message.

Note that this document has had very little review until now. We will only progress it as a WG document if we have at least 3 non-editor, non-WG chair reviewers who have read it and approve of it. And yes, this means the pseudocode, too. There has been strong support of ESP-null detection, so this document is likely to be widely implemented. Your review will mean a lot to the technical quality of this document.

Please clearly indicate the position of any issue in the Internet Draft, and if possible provide alternative text. Please also indicate the nature or severity of the error or correction, e.g. major technical, minor technical, nit, so that we can quickly judge the extent of problems with the document.

The document can be accessed here:



Email secured by Check Point


IPsec mailing list
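
The review's page 30 comment, that tunnel mode is inferred from protocol 4 for IPv4 and protocol 41 for IPv6, shown as an added Python sketch; it is not the draft's pseudocode or any poster's code. The candidate ICV lengths, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

# Candidate ICV lengths in bytes (an assumed list for this sketch): 8 and 16 are
# the 64-bit and 128-bit sizes named in the review, 12 is HMAC-SHA1-96.
ICV_LENGTHS = (12, 16, 8)
TUNNEL_NEXT_HEADER = {4: 4, 41: 6}  # ESP Next Header -> expected inner IP version

def parse_trailer(esp: bytes, icv_len: int):
    """Return (next_header, payload) if esp parses as ESP-NULL with this ICV length."""
    trailer_end = len(esp) - icv_len
    if trailer_end < 8 + 2:                      # SPI + sequence number + trailer
        return None
    pad_len, next_header = esp[trailer_end - 2], esp[trailer_end - 1]
    pad_start = trailer_end - 2 - pad_len
    if pad_start < 8:
        return None
    # RFC 4303 default padding is the byte sequence 1, 2, 3, ...
    if esp[pad_start:trailer_end - 2] != bytes(range(1, pad_len + 1)):
        return None
    return next_header, esp[8:pad_start]

def classify(esp: bytes):
    """Try each ICV length; infer tunnel mode from Next Header 4 or 41."""
    for icv_len in ICV_LENGTHS:
        parsed = parse_trailer(esp, icv_len)
        if parsed is None:
            continue
        next_header, payload = parsed
        version = TUNNEL_NEXT_HEADER.get(next_header)
        if version is None:
            return {"icv_len": icv_len, "mode": "transport", "next_header": next_header}
        if payload and payload[0] >> 4 == version:   # inner header must agree
            return {"icv_len": icv_len, "mode": "tunnel", "inner_version": version}
    return None                                   # not recognisable as ESP-NULL

def build_sample(payload: bytes, next_header: int, icv: bytes) -> bytes:
    """Constructed test packet: SPI 0x1001, sequence 1, 4-byte aligned trailer."""
    pad_len = -(len(payload) + 2) % 4
    pad = bytes(range(1, pad_len + 1))
    return struct.pack("!II", 0x1001, 1) + payload + pad + bytes([pad_len, next_header]) + icv

# Constructed inner IPv4 header (192.0.2.1 -> 192.0.2.2) and dummy 96-bit ICV.
INNER_V4 = bytes.fromhex("4500001400000000403b0000c0000201c0000202")
SAMPLE_TUNNEL = build_sample(INNER_V4, 4, bytes(range(0xA0, 0xAC)))
```

A single packet can satisfy these checks by chance, so one match is a hint about the flow rather than proof.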
