
Re: ipsp-policy-pib



>>>>> Wijnen, Bert (Bert) writes:

Bert> What do people think of the use of INET-ADDRESS-MIB TCs in
Bert> document draft-ietf-ipsp-ipsecpib-07.txt

Bert> See specifically The ipSecAddressTable

Bert> I am sort of too overloaded to do detailed checking on PIB
Bert> documents. On the other hand... strange things are being done as
Bert> far as I can tell.

My understanding is that the table allows modeling the union of

a) a single IP address
b) a subnet consisting of an IP address and the prefix length
c) an IP address range

The description of the various objects could IMHO be improved to say
clearly how the three cases are distinguished and what the values for
the other objects will be.

I find it a bit inconsistent that the description of
ipSecAddressAddressType says that all address types are accepted
(which means that for instance DNS names must be looked up at PEP
install time) while other descriptions say that you cannot use a
prefix with all types (although this would still be well defined with
the above rule) but probably a not really useful feature.

In short, I am concerned that there are lots of useful but also lots
of not really useful or even broken value combinations in this table
and it is not clearly spelled out what these are as far as I can tell.

/js

-- 
Juergen Schoenwaelder		International University Bremen
Phone: +49 421 200 3587		P.O. Box 750 561, 28725 Bremen, Germany
Fax:   +49 421 200 3103		<http://www.iu-bremen.de/>