Hi,

RFC 4306 has an extremely long introductory section, which basically contains a normative description of the main protocol exchanges. In v2bis, we tried to stick to the original section order, but I think that making a change here would make the document much more understandable, especially to newcomers. I suggest keeping the introduction short, and moving the normative description of the basic protocol exchanges into its own section.

So instead of the current:

  1. Introduction
    1.1. Usage Scenarios
      1.1.1. Security Gateway to Security Gateway Tunnel Mode
      1.1.2. Endpoint-to-Endpoint Transport Mode
      1.1.3. Endpoint to Security Gateway Tunnel Mode
      1.1.4. Other Scenarios
    1.2. The Initial Exchanges
    1.3. The CREATE_CHILD_SA Exchange
      1.3.1. Creating New Child SAs with the CREATE_CHILD_SA Exchange
      1.3.2. Rekeying IKE SAs with the CREATE_CHILD_SA Exchange
      1.3.3. Rekeying Child SAs with the CREATE_CHILD_SA Exchange
    1.4. The INFORMATIONAL Exchange
      1.4.1. Deleting an SA with INFORMATIONAL Exchanges
    1.5. Informational Messages outside of an IKE SA
    1.6. Requirements Terminology
    1.7. Differences Between RFC 4306 and This Document
  2. IKE Protocol Details and Variations

I'd like to propose:

  1. Introduction
    1.1. Usage Scenarios
      1.1.1. Security Gateway to Security Gateway Tunnel Mode
      1.1.2. Endpoint-to-Endpoint Transport Mode
      1.1.3. Endpoint to Security Gateway Tunnel Mode
      1.1.4. Other Scenarios
    1.2. Requirements Terminology
  2. IKE Protocol Overview (or "Essentials") [today's Sec. 1.2-1.5]
    2.1. The Initial Exchanges
    2.2. The CREATE_CHILD_SA Exchange
      2.2.1. Creating New Child SAs with the CREATE_CHILD_SA Exchange
      2.2.2. Rekeying IKE SAs with the CREATE_CHILD_SA Exchange
      2.2.3. Rekeying Child SAs with the CREATE_CHILD_SA Exchange
    2.3. The INFORMATIONAL Exchange
      2.3.1. Deleting an SA with INFORMATIONAL Exchanges
    2.4. Informational Messages outside of an IKE SA
  3. IKE Protocol Details and Variations [today's Sec. 2]
  Appendix X: Differences Between RFC 4306 and This Document [today's Sec. 1.7]

Do you see value in this, or do you prefer keeping the existing order?

Thanks,
Yaron

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec