
draft-ietf-mobileip-mipv6-ha-ipsec



Russ Housley [ ] [ ] [ X ] [ ]

Comments:

In section 1, ESP does not provide in-order delivery. The introduction indicates that this service is needed. If this is correct, then additional protocol mechanisms are needed.

In section 3, in each instance tell whether ESP is used in transport mode or tunnel mode.

In section 4.1, the document requires support for manual security association configuration. I think this should be clear that ESP SAs are being configured, not IKE pre-shared keys. Also, the phrase "IPsec protection" really means ESP encapsulation in many different places.

Steve Kent's comments on sections 4.2, 4.3, 5.1, 5.2, and 5.3 need to be addressed (see http://psg.com/~smb/draft-ietf-mobileip-mipv6-ha-ip.htm ). Since RFC 2401 is being updated, there is an opportunity for compromise, but the MobileIP and IPsec working groups need to work together in this area.

In section 4.3, I suggest that all discussion of AH be removed.

In section 4.4, there seems to be confusion about ESP replay detection. Why not just say that IKE must be used if replay protection is needed?