
comments on draft-ietf-ipsec-isakmp-08.txt



Section 3.5 describes the Payload Length of a Proposal Payload as:

 o  Payload Length (2 octets) - Length in octets of the entire Proposal
    payload, including the Proposal payload, and all Transform payloads
    associated with this proposal.  In the event there are multiple
    proposals with the same proposal number (see section 4.1), the

This seems a bit circular ("the entire Proposal payload, including the
Proposal payload").

I think that transform payloads ought to be considered part of the
payload of their proposal.  As such, the diagram for the Proposal
Payload ought to be changed to include them.  Then this would not
seem so confusing.

Section 3.8 describes the Identification Payload.

 o  RESERVED2 (3 octets) - Unused, set to 0.

This field is used in the IPsec DOI to hold Port and Protocol.  If I
interpret everything correctly, this is invalid.  The best fix would
be to change this field to be DOI-specified (as is done for the
Identification Data).

Section 3.14, in describing the Notification Payload, says:

 o  Domain of Interpretation (4 octets) - Identifies the DOI (as
    described in Section 2.1) under which this notification is taking
    place.  For the Internet, the DOI is one (1).  Other DOI's can be
    defined using the description in appendix B.

As far as I can tell, 1 is the DOI for "IETF IP Security DOI" (as
described in 2.1).  This would better be shortened to "IPsec DOI"
rather than "Internet DOI".

I think this description ought to mention 0 for the ISAKMP DOI too.

These comments probably apply to other places in the draft (for
example 3.15).

I think that the ISAKMP DOI may need to be spelled out as per appendix
B.

Hugh Redelmeier
hugh@mimosa.com  voice: +1 416 482-8253
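
An added illustration, not part of the original message or of the draft: a parser that reads Payload Length the way the Section 3.5 comment proposes, with the Transform payloads counted inside their Proposal payload, and rejects a proposal whose declared length does not equal header + SPI + transforms. The fixed field layout and the Transform payload type value 3 are assumed from RFC 2408; the function names and sample bytes are constructed.

```python
import struct

# Fixed headers, assumed from RFC 2408 (not given on the page):
# next payload, reserved, payload length, proposal #, protocol-id, SPI size, # of transforms
PROPOSAL_HDR = struct.Struct("!BBHBBBB")
# next payload, reserved, payload length, transform #, transform-id, reserved2
TRANSFORM_HDR = struct.Struct("!BBHBBH")
NEXT_TRANSFORM = 3  # Transform payload type in RFC 2408

def build_transform(number, transform_id, attrs=b"", last=False):
    length = TRANSFORM_HDR.size + len(attrs)
    nxt = 0 if last else NEXT_TRANSFORM
    return TRANSFORM_HDR.pack(nxt, 0, length, number, transform_id, 0) + attrs

def build_proposal(number, protocol_id, spi, transforms):
    # Payload Length covers the proposal header, the SPI and every transform.
    body = spi + b"".join(transforms)
    length = PROPOSAL_HDR.size + len(body)
    return PROPOSAL_HDR.pack(0, 0, length, number, protocol_id,
                             len(spi), len(transforms)) + body

def parse_proposal(buf):
    if len(buf) < PROPOSAL_HDR.size:
        raise ValueError("truncated proposal header")
    _, _, length, number, proto, spi_size, count = PROPOSAL_HDR.unpack_from(buf)
    offset = PROPOSAL_HDR.size + spi_size
    if length > len(buf) or offset > length:
        raise ValueError("proposal length out of range")
    spi, transforms = buf[PROPOSAL_HDR.size:offset], []
    for _ in range(count):
        if offset + TRANSFORM_HDR.size > length:
            raise ValueError("transform header runs past proposal length")
        _, _, t_len, t_num, t_id, _ = TRANSFORM_HDR.unpack_from(buf, offset)
        if t_len < TRANSFORM_HDR.size or offset + t_len > length:
            raise ValueError("transform length runs past proposal length")
        attrs = buf[offset + TRANSFORM_HDR.size:offset + t_len]
        transforms.append((t_num, t_id, attrs))
        offset += t_len
    if offset != length:
        raise ValueError("length != header + SPI + transforms")
    return {"number": number, "protocol_id": proto, "spi": spi,
            "transforms": transforms}

# Constructed sample: one proposal, 4-octet SPI, two transforms.
SAMPLE = build_proposal(1, 3, b"\x11\x22\x33\x44", [
    build_transform(1, 5, b"\x80\x05\x00\x02"),
    build_transform(2, 3, last=True),
])

if __name__ == "__main__":
    print(parse_proposal(SAMPLE))
```

A sender that took Payload Length to mean only the proposal header and SPI would emit 12 here instead of 32, and this parser rejects that input at the first transform.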