
comments on IKEv2-05



  I have several comments on IKEv2 that I'm going to spread
across different messages to keep from sending one huge post.
I'll start here with minor nits:

  - Section 2.13 describes a Diffie-Hellman group as a cryptographic
    algorithm that takes a fixed size key. That is wrong.

  - page 82 and the TOC: s/Author/Editor/

  - Section 8.1 should include a normative reference to RFC2451.
    (A good way to tell whether it's normative or informative is to
    check if implementation of the requirement can be visible
    externally and if it has an impact on interoperability. Yes on
    both counts: normative).

  - Section 1.4 The Informational Exchange says, "When SAs are nested,
    as when data (and IP headers if in tunnel mode) are encapsulated
    first with IPcomp, then with ESP, and finally with AH between the
    same pair of endpoints...." How does one negotiate such nested SAs
    using IKEv2? I don't think it's possible.

  - page breaks need to be thought through more. For instance, the
    Authentication Payload in section 3.8 is bisected by a page break.

  thanks,

  Dan.