FW: Evaluation: draft-ietf-ccamp-lmp - Link Management Protocol (LMP) to Proposed Standard
- To: "Ccamp-wg (E-mail)" <ccamp@ops.ietf.org>
- Subject: FW: Evaluation: draft-ietf-ccamp-lmp - Link Management Protocol (LMP) to Proposed Standard
- From: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>
- Date: Tue, 29 Apr 2003 06:36:53 +0200
Issues from IESG review
-----Original Message-----
From: Steven M. Bellovin [mailto:smb@research.att.com]
Sent: Tuesday 29 April 2003 4:38
I'm not sure how much the ccamp and forces people talk, but isn't this
sentence:
    the control channel MUST terminate on the same two nodes
    that the TE link spans.
incorrect with remote control elements?
16.2:

The IPsec selectors are all SHOULDs -- what are the MUSTs?

Setting the port number to 0 means that all UDP traffic between
those nodes is protected -- is that right? I thought the
document spoke of an LMP port.

The channel identifier is part of the payload, not the IP or UDP
headers, and thus can't be a selector.

IKE is listed as a SHOULD, not a MUST, but the requirements
mandate replay detection. You can't do that with manual keying.
(The requirements also mandate support for manual keying.)
If replay protection is needed, either IKE must be required,
or an application-specific replay protection mechanism must
be defined.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
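
Added example, not part of the original message or the LMP draft: a sketch of an ESP-style sliding-window anti-replay check, showing why replay detection depends on per-SA counter state that a manually keyed SA cannot re-establish after a restart. The window size, sequence numbers and all names are constructed for illustration.

```python
WINDOW = 64  # anti-replay window size in packets (constructed value)

class ReplayWindow:
    """Receiver-side sliding window over per-SA sequence numbers."""
    def __init__(self):
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) already seen

    def accept(self, seq):
        if seq == 0:
            return False                     # counters start at 1
        if seq > self.top:                   # newer packet: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= WINDOW:
            return False                     # older than the window covers
        if self.bitmap & (1 << offset):
            return False                     # duplicate: replay detected
        self.bitmap |= 1 << offset
        return True

def sender_restart_with_manual_key():
    """Sender reboots: the static key is unchanged, its counter restarts at 1.
    Assumption: nothing renegotiates the SA, as with manual keying."""
    rx = ReplayWindow()
    before = [rx.accept(s) for s in range(1, 201)]  # traffic before the reboot
    after = [rx.accept(s) for s in range(1, 6)]     # legitimate traffic after it
    return all(before), any(after)

def receiver_restart_with_manual_key():
    """Receiver reboots: the static key is unchanged, window state is lost."""
    rx = ReplayWindow()
    first = rx.accept(150)        # original packet is accepted
    duplicate = rx.accept(150)    # an immediate replay is rejected
    rx = ReplayWindow()           # reboot: same key, empty window
    replayed = rx.accept(150)     # a recorded packet now passes the check
    return first, duplicate, replayed

if __name__ == "__main__":
    print(sender_restart_with_manual_key())
    print(receiver_restart_with_manual_key())
```

In both cases the key outlives the counter state; an automated key exchange avoids this by giving every new SA a fresh key along with a fresh counter, so packets recorded under the old SA no longer verify.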