Date: Mon, 20 Oct 2003 23:05:59 -0700 (PDT) From: Bernard Aboba <aboba@internaut.com> To: Russ Housley <housley@vigilsec.com> cc: tytso@mit.edu, byfraser@cisco.com, kivinen@ssh.fi, angelos@cs.columbia.edu Subject: Re: IESG Comments on draft-ietf-ipsec-nat-reqts-05
Fixed and resubmitted.
On Mon, 20 Oct 2003, Russ Housley wrote:
> Three comments. Let me know how you want to proceed. > > Russ > > = = = = = = = = = > > 1. Minor error: the text currently says > > For example, there are security risks > relating to IP source routing that are precluded > by AH, but not by ESP with null encryption. > > That's only true for IPv6. Per RFC 2402, source > routing options are zeroed before calculation the > AH ICV. I suggest changing "IP" to "IPv6" in that > sentence. > > 2. The NOT should be chaned to lower case in: > > For example, requiring that a protocol support confidentiality > is NOT the same thing as requiring that all protocol traffic be > encrypted. > > 3. You will enjoy this one, but I do not think a change is needed. > > The document says: > > A protocol submission is not compliant if it fails to satisfy > one or more of the MUST or MUST NOT requirements for the > capabilities that it implements. A protocol submission that > satisfies all the MUST, MUST NOT, SHOULD and SHOULD NOT > requirements for its capabilities is said to be > "unconditionally compliant"; one that satisfies all the MUST > and MUST NOT requirements but not all the SHOULD or SHOULD NOT > requirements for its protocols is said to be "conditionally > compliant." > > Use of RFC 2119 is abstracted an amusing level. But I don't think it > can be improved. >