
Comments on draft-tschofenig-v6ops-secure-tunnels-03.txt - updated



Thinking further about these comments, I realised I had not been thinking clearly about the S5 issue on unicast vs multicast SAs. The SA is of course for the tunnel which is strictly unicast, so the issue I raised is a red herring.

However, it also occurred to me that the specifications intended to cope with neighbor discovery and SAAC may be unnecessarily wide since the only relevant traffic is between the two tunnel end points which constitute the (point-to-point) link in these cases.

Regards,
Elwyn

==============================
Comments copied from original message:

Hi.

This seems a useful guide to using v6 in v4 tunnels in conjunction with IPsec.

I have a few comments (but not much in the way of contributions to the open issues):
S3.2: Last para: A bit more explanation of the alternative solution would help.
S3.2: Some mention of potential scalability issues here - if I understand correctly a tunnel and SA per host in the site is needed.
S5.1 (and elsewhere): The acronyms IDc1 and IDcr may need expansion.
[Deleted point about need for multicast SAs]
S5: Where the SPD rule applies to a prefix, it might be clearer to use a different operator (like ~) to indicate prefix matching rather than equality (=).
S5: The packet format piece at the end of the section probably deserves a separate section.


I have also made a number of editorial suggestions directly to the document editor.

Regards,
Elwyn