
Re: IANA template document





>>>>> "Tero" == Tero Kivinen <kivinen@iki.fi> writes:
    Tero> Michael Richardson writes:
    >> IKEv2 Payload Types IKEv2 Transform Types

    Tero> How about the protocol-id inside the Proposal Substructure?  It is
    Tero> currently only defined in the draft, there is no table, and it has
    Tero> only 3 values (0 = IKE, 1 = ESP, 2 = AH). Are there going to be new

  Hmm. Too bad we can't use the "IKEv2 Security Protocol Identifiers".
  They are:

      IKE_SA                                  1    (IKEv2 section 3.11)
      AH - authentication header              2    (IKEv2 section 3.11)
      ESP - encapsulated security payload     3    (IKEv2 section 3.11)

  defined for the Delete Payload in 3.11. Maybe these should be the same
table?
  {I'm also partial to using "17", "50" and "51" as the values, but I think
it is certainly too late for that...}

    Tero> IKEv2 Proposal Substructure Protocol-IDs

  okay, I'll add it for now.
  Is there an amending formula for it?

    >> IKEv2 Encryption Transform Values IKEv2 Pseudo-random Function
    >> Transform Values IKEv2 Integrity Algorithm Transform Values IKEv2
    >> Diffie-Hellman, ECP and EC2N Transform Values IKEv2 Extended Sequence
    >> Numbers Transform Values

    Tero> These are actually Transform IDs not Transform Values, i.e

  okay, renamed them.

    Tero> Another thing I noticed is that the section 3.4 Key Exchange
    Tero> Payload should have pointer back to the section 3.3.2 Transform
    Tero> Substructure / Transform Type 4 (Diffie-Hellman Group) Transform
    Tero> IDs for the DH Group #.

    Tero> It currently does not have that pointer.

  This is a comment directed at IKEv2-11.txt, not my document, right?

    >> IKEv2 Identification Types

    Tero> IKEv2 Identification Payload ID Types

  Done.

    >> IKEv2 Certification Payload Format

    Tero> IKEv2 Certificate Encodings

  Done.

    >> IKEv2 Authentication Method IKEv2 Notification Payload Type

    Tero> How about the Notify Payload S_Protocol_IDs? Again this is only
    Tero> defined to have 3 values (1 = IKE_SA, 2 = ESP, 3 = ESP, note
    Tero> different values than proposal substructure protocol-ID!). Should
    Tero> we include this too?

  They are there as the IKEv2 Security Protocol ID.
  The Notify S_Protocol_ID and Delete are the same values.
  
    Tero> IKEv2 Notify Payload / Security Protocol ID

    Tero> (For some reason the S_Protocol_ID / SECURITY_PROTOCOL_ID is using
    Tero> underscores, instead of dashes, some other places use Protocol-Id
    Tero> instead).

  Charlie, can this be fixed?
  Would you like diffs sent?

    >> IKEv2 IPComp Transform IDs IKEv2 Security Protocol ID

    Tero> Which protocol id this is? The Proposal, Notify or Delete payload
    Tero> Security Protocol ID? Because of its location I assume it is the
    Tero> Delete payload S_PROTOCOL_ID (again with underscores and capital
    Tero> letters).

  The document makes it clear where they occur.
  How about:
    IKEv2 Notification IPCOMP Transform IDs 

    >> IKEv2 Traffic Selector Types IKEv2 Configuration request types

    Tero> IKEv2 Configuration Payload CFG Type

    Tero> or something like that. It would be good to try to match the
    Tero> exactly same texts we have in the IKEv2 document.

  Thanks for the reply.
  It is pretty important that we have good names for the number spaces
so that nobody gets confused.
  
  Chairs, can the IKEv2 Proposal Substructure Protocol-IDs and IKEv2 Security
Protocol ID spaces be combined?

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

  

