On Mon, 2010-08-02 at 08:18 -0400, David P. Quigley wrote:
> On Fri, 2010-07-30 at 16:49 -0400, Paul Moore wrote:
> > On Wed, 2010-07-28 at 00:30 -0700, jarrett...@oracle.com wrote:
> > > A new 00 version of IKEv2 extension for security label has just been
> > > published:
> > >
> > > http://tools.ietf.org/html/draft-jml-ipsec-ikev2-security-label-00
> > >
> > > Authors welcome comments from IPsec community.
> >
> > Having just read the draft I think it is a bit difficult to perform any
> > in-depth review without the LFS document (which is described as a work
> > in progress); there just isn't any real substance in this draft in my
> > opinion.
>
> What sort of substance are you looking for? The whole point of the LFS
> document was that we could abstract the actual semantics and format of
> labeling away and focus on the actual protocol instead. The Labeled
> IPSec document should be able to be looked at without having to do so in
> the context of a specific label type.

Basically I'm looking for the kind of substance that one could use to implement the protocol; reading this draft I just don't have that information. Perhaps the best example is in section 4.1, "Attribute Negotiation"; there is only some very vague text about failing negotiations if the label format is unrecognized, no concrete details about how to deal with recognized label formats with invalid and/or unauthorized labels. I could go on, but hopefully this is enough to demonstrate my point.

--
paul moore
linux @ hp