Re: Evaluation: draft-ietf-ccamp-lmp - Link Management Protocol (LMP) to Proposed Standard
- To: IESG Secretary <iesg-secretary@ietf.org>
- Subject: Re: Evaluation: draft-ietf-ccamp-lmp - Link Management Protocol (LMP) to Proposed Standard
- From: "Steven M. Bellovin" <smb@research.att.com>
- Date: Mon, 28 Apr 2003 22:38:05 -0400
- Cc: Internet Engineering Steering Group <iesg@ietf.org>
In message <200304231934.PAA03671@ietf.org>, IESG Secretary writes:
>
>Last Call to expire on: 2003-4-24
>
> Please return the full line with your position.
>
> Yes No-Objection Discuss * Abstain
>
>
>Steve Bellovin [ ] [ ] [ X ] [ ]
I'm not sure how much the ccamp and forces people talk, but isn't this
sentence:

    the control channel MUST terminate on the same two nodes
    that the TE link spans.

incorrect with remote control elements?

16.2:
    The IPsec selectors are all SHOULDs -- what are the MUSTs?

    Setting the port number to 0 means that all UDP traffic between
    those nodes is protected -- is that right? I thought the
    document spoke of an LMP port.

    The channel identifier is part of the payload, not the IP or UDP
    headers, and thus can't be a selector.

    IKE is listed as a SHOULD, not a MUST, but the requirements
    mandate replay detection. You can't do that with manual keying.
    (The requirements also mandate support for manual keying.)
    If replay protection is needed, either IKE must be required,
    or an application-specific replay protection mechanism must
    be defined.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
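
Added illustration (not part of the original message, and not code from the LMP draft): a simplified model of a sequence-number anti-replay window with an HMAC-SHA-256 integrity tag, showing why the window only helps when a restart also brings a fresh key. The packet layout, window size, function names and sample payload are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

WINDOW = 32  # anti-replay window size in packets (assumed for this model)

def protect(key, seq, payload):
    """Sender side: 4-byte sequence number + payload + integrity tag over both."""
    body = seq.to_bytes(4, "big") + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Receiver side of one security association (SA)."""
    def __init__(self, key):
        self.key, self.top, self.bitmap = key, 0, 0  # bit i => seq (top - i) seen

    def accept(self, packet):
        body, tag = packet[:-32], packet[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False                  # wrong key or modified packet
        seq = int.from_bytes(body[:4], "big")
        if seq == 0:
            return False                  # counters start at 1 in this model
        if seq > self.top:                # new highest: slide the window forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= WINDOW or self.bitmap & (1 << offset):
            return False                  # older than the window, or a duplicate
        self.bitmap |= 1 << offset        # late but in-window and not yet seen
        return True

def replay_after_restart(rekey):
    """Count accepted packets: first delivery, replay while the receiver state
    is live, and replay after the receiver restarts and loses its window.
    rekey=False models manual keying (the same key is reinstalled);
    rekey=True models a key exchange installing a fresh key for the new SA."""
    old_key = os.urandom(32)
    captured = [protect(old_key, s, b"constructed LMP message") for s in range(1, 6)]
    rx = Receiver(old_key)
    delivered = sum(rx.accept(p) for p in captured)
    replay_live = sum(rx.accept(p) for p in captured)
    rx = Receiver(os.urandom(32) if rekey else old_key)   # window state is gone
    replay_restart = sum(rx.accept(p) for p in captured)
    return delivered, replay_live, replay_restart
```

With `rekey=False` the result is `(5, 0, 5)`: every captured packet is accepted again after the restart, because the tag still verifies and the window is empty. With `rekey=True` it is `(5, 0, 0)`.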