draft-ietf-mobileip-mipv6-ha-ipsec
Russ Housley [ ] [ ] [ X ] [ ]
Comments:
In section 1, ESP does not provide in-order delivery. The introduction
indicates that this service is needed. If this is correct, then additional
protocol mechanisms are needed.
In section 3, in each instance tell whether ESP is used in transport mode
or tunnel mode.
In section 4.1, the document requires support for manual security
association configuration. I think this should be clear that ESP SAs are
being configured, not IKE pre-shared keys. Also, the phrase "IPsec
protection" really means ESP encapsulation in many different places.
Steve Kent's comments on sections 4.2, 4.3, 5.1, 5.2, and 5.3 need to be
addressed (see http://psg.com/~smb/draft-ietf-mobileip-mipv6-ha-ip.htm).
Since RFC 2401 is being updated, there is an opportunity for
compromise, but the MobileIP and IPsec working groups need to work together
in this area.
In section 4.3, I suggest that all discussion of AH be removed.
In section 4.4, there seems to be confusion about ESP replay
detection. Why not just say that IKE must be used if replay protection is
needed?