[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Important question about draft-ietf-ipsec-doi-tc-mib-07.txt

To: IPsec WG <ipsec@lists.tislabs.com>
Subject: Important question about draft-ietf-ipsec-doi-tc-mib-07.txt
From: "C. M. Heard" <heard@pobox.com>
Date: Sat, 5 Apr 2003 11:56:03 -0800 (PST)
cc: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>
In-Reply-To: <7D5D48D2CAA3D84C813F5B154F43B1550137C1F4@nl0006exch001u.nl.lucent.com>
Sender: owner-ipsec@lists.tislabs.com

IPsec folks,

I've been commissioned to do the MIB doctor review for
<draft-ietf-ipsec-doi-tc-mib-07.txt> but before I spend a lot of
time discussing the details I'd like to ask a very basic (and I
think very important) question.

If I correctly understand what I have read, the main content of this
draft is a set of enumerated INTEGER TCs that represent the values
of fields in IPsec-related protocol messages.  However, in many of
these TCs (all, in fact, except for IsakmpCertificateEncoding) the
DESCRIPTION clause (or the underlying reference document) has a
statement to the effect that certain ranges of values are "reserved
for private use amongst cooperating systems."  Such values do not
presently appear as named numbers in the enumeration list, and my
understanding is that they will never appear in the enumeration list
since they are not subject to assignment by the IANA.

The WG needs to be aware that (according to RFC 2578 Section 7.1.1)
the only values allowed for objects defined with these enumerated
INTEGER TCs are the named numbers that are actually present in the
enumeration list.  Thus, managed objects defined with these TCs
cannot represent values in the ranges that are reserved for private
use amongst cooperating systems.  If it is intended that objects
defined using these TCs be able to represent arbitrary values of the
corresponding parameters, including the "private use" values, then a
SYNTAX value other than enumerated INTEGER will be required -- for
instance, Unsigned32 with a subrange, as is used in the definition
of IkePrf.  Of course, in that case there would be no need to have
the IANA maintain these TCs:  they could be defined once, in a
WG-maintained document, with the value list in a conventional
assigned number registry.

I ask the WG to carefully consider whether an IANA-maintained MIB
module is really desirable in view of the above-described limitation
of enumerated INTEGER TCs.  It would be good to get an answer before
we spend a lot of time discussing detailed review comments.

Regards,

Mike Heard

Prev by Date: Re: IKEv2 cookie question
Next by Date: draft-dupont-ikev2-addrmgmt-02.txt
Prev by thread: new versions of IPsec AH and ESP specs
Next by thread: Re: Important question about draft-ietf-ipsec-doi-tc-mib-07.txt
Index(es):
- Date
- Thread