
Re: comments on draft-ietf-new-auth-00



Rob,


	Thanks for the feedback;  we worked on clarifying wherever
possible, but the messages last week show that we still have some work
ahead of us.  Now onto your comments:

Section 1
	I agree that often one will not need to use AH and ESP together,
now that we have integrity/authentication options within ESP, and assuming
that we adopt the revised ESP, that makes encryption optional.  However, if
one makes use of security labels, AH is important in transport mode.  Also,
in IPv6, use of AH to protect the new style source routing header has been
cited as a motivation for using AH.

Section 2.2
	I'm all in favor of removing the null algorithm, or rewording if
this is just a debugging placeholder.

Section 3.2.2
	You caught me!  We'll reword to make it clear that the first
packet on the wire should be number 1.   We'll also add that the receive
counter should be initialized to 0.

Section 3.2.3.1.1
	OK, that's a good explanation for the DF flag, but how about OFFSET?

Section 3.3.2
	If others do not object, I'm happy to add your proposed text.

Section 3.3.3
	The algorithm should be updated, as you note, to reflect the split
processing.  We get a brief reprieve on this, since we pushed it to an
appendix in the architecture document.



