ipsec September 2009 archive

Re: [IPsec] WG last call: draft-ietf-ipsecme-esp-null-heuristics-01

From: Tero Kivinen <kivinen_at_nospam>
Date: Tue Sep 22 2009 - 10:47:03 GMT
To: Scott C Moonen <smoonen@us.ibm.com>

Scott C Moonen writes:
> - Is Section 1.2 necessary? None of these terms are used in this fashion
> in this document.

True. Removed.

> - page 8, "sees an new" => "sees a new"
> - page 8, "in the Section 8" => "in Section 8"


> - page 12, excessive space in "i.e. UDP encapsulated"; perhaps replace
> with comma.

xml2rfc seems to want to put it there, but that is something that can be fixed in the final RFC editing phase.

> - page 16, "with a new SA which needs heuristics" => "produces a new SA
> which needs heuristics and will benefit from the existing flows".


> - page 21, "things what needs" => "things that need"
> - page 21, suggest "optimize things" => "optimize steps", just to reduce
> repetition
> - page 21, "For example implementation" => "For example, implementations"


> - page 25, I believe that DES-MAC has a 64-bit ICV (FIPS 113) and KPDK has
> a 128-bit ICV (RFC 1828).

RFC4306 does not give reference to AUTH_DES_MAC, and the AUTH_KPDK_MD5 reference is to RFC1826 which does not define it. I do not want to put those there as both of them are actually quite unsecure and should not be used anyways.

Changed to:

    // AUTH_DES_MAC and AUTH_KPDK_MD5 are left out from
    // this document.

> - page 30, for tunnel mode checks it might be worth just mentioning that
> tunnel mode is inferred by protocol 4 for IPv4 and protocol 41 for IPv6.

Changed it to be:

    // Tunnel mode checks (protocol 4 for IPv4 and protocol 41 for
    // IPv6) is also left out from here to make the document shorter.

-- 
kivinen@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec