comments on IKEv2-05
I have several comments on IKEv2 that I'm going to spread
across different messages to keep from sending one huge post.
I'll start here with minor nits:
- Section 2.13 describes a Diffie-Hellman group as a cryptographic
algorithm that takes a fixed size key. That is wrong.
- page 82 and the TOC: s/Author/Editor/
- Section 8.1 should include a normative reference to RFC2451.
(A good way to tell whether it's normative or informative is to
check if implementation of the requirement can be visible
externally and if it has an impact on interoperability. Yes on
both counts: normative).
- Section 1.4 The Informational Exchange says, "When SAs are nested,
as when data (and IP headers if in tunnel mode) are encapsulated
first with IPcomp, then with ESP, and finally with AH between the
same pair of endpoints...." How does one negotiate such nested SAs
using IKEv2? I don't think it's possible.
- page breaks need to be thought through more. For instance, the
Authentication Payload in section 3.8 is bisected by a page break.
thanks,
Dan.