
Re: Evaluation: draft-ietf-ccamp-lmp - Link Management Protocol (LMP) to Proposed Standard



In message <200304231934.PAA03671@ietf.org>, IESG Secretary writes:
>
>Last Call to expire on: 2003-4-24
>
>	Please return the full line with your position.
>
>                    Yes    No-Objection  Discuss *  Abstain  
>
>
>Steve Bellovin      [   ]     [   ]       [ X ]      [   ]

I'm not sure how much the ccamp and forces people talk, but isn't this 
sentence:

   the control channel MUST terminate on the same two nodes
   that the TE link spans.

incorrect with remote control elements?

16.2:
	The IPsec selectors are all SHOULDs -- what are the MUSTs?
	Setting the port number to 0 means that all UDP traffic between
	those nodes is protected -- is that right?  I thought the
	document spoke of an LMP port.

	The channel identifier is part of the payload, not the IP or UDP
	headers, and thus can't be a selector.

	IKE is listed as a SHOULD, not a MUST, but the requirements
	mandate replay detection.  You can't do that with manual keying.
	(The requirements also mandate support for manual keying.)
	If replay protection is needed, either IKE must be required,
	or an application-specific replay protection mechanism must
	be defined.


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)
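
Added example, not part of the original message or of the draft: a minimal model of IPsec selector matching that illustrates the two selector points raised under 16.2. The port value 701, the addresses, the payload strings and all class and function names are assumptions made for illustration; matching is simplified to the destination port.

```python
from dataclasses import dataclass

ANY = 0          # wildcard in a selector, like "port number 0" in the message
UDP = 17         # IP protocol number for UDP
LMP_PORT = 701   # assumption: stands in for "an LMP port"; the message gives no number


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    payload: bytes  # opaque to selector matching


@dataclass(frozen=True)
class Selector:
    src: str
    dst: str
    proto: int
    port: int = ANY  # compared with the destination port; ANY matches every port

    def matches(self, pkt: Packet) -> bool:
        # Only IP and UDP header fields are consulted; pkt.payload is never read.
        return (
            (self.src, self.dst, self.proto) == (pkt.src, pkt.dst, pkt.proto)
            and self.port in (ANY, pkt.dport)
        )


def protected(selector, packets):
    """Return the packets the selector would steer into the IPsec SA."""
    return [p for p in packets if selector.matches(p)]


# Constructed sample traffic between two nodes (documentation addresses).
A, B = "192.0.2.1", "192.0.2.2"
# Payload strings are placeholders, not real LMP encoding.
LMP_CC1 = Packet(A, B, UDP, LMP_PORT, LMP_PORT, b"control-channel-id=1")
LMP_CC2 = Packet(A, B, UDP, LMP_PORT, LMP_PORT, b"control-channel-id=2")
OTHER_UDP = Packet(A, B, UDP, 40000, 514, b"unrelated UDP traffic")
TRAFFIC = [LMP_CC1, LMP_CC2, OTHER_UDP]

WILDCARD = Selector(A, B, UDP, ANY)       # port 0: every UDP packet A -> B
LMP_ONLY = Selector(A, B, UDP, LMP_PORT)  # only the LMP port
```

With the wildcard port every UDP packet between the two nodes is selected, while the port-specific selector picks only the LMP packets and cannot tell the two control channels apart, because the identifier sits in the payload.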