Continuing at sec 6.1:
Skipping 6.2 for now, as it will not be used for current use case (I
realize I may have one for Manned Aircraft).
Good til 7.2, then skipping 7.2 and 7.3 for now.
I like 7.4 in that UDP gets compressed to zero bytes. And the way you
have constructed diet-esp to include transport, a separate SCHC rule for
transport is not needed. Now if the payload is CoAP, then things will
be different, per RFC 8824.
Skip 7.5 and 7.6
Sec 11:
Security Parameter Index (SPI):
Until Diet-ESP is not deployed outside the scope of IoT and small
devices,
r/ not / /
?
What is that not doing there?
Sequence Number (SN): If incremented for each ESP packet, the SN may
leak some information like the amount of transmitted data or the
age of the sensor.
If 2 bytes of SN are sent using a counter, there is little to no leakage
of sensor age.
If there is little traffic from the sensor, then only 1 byte may be better
for this purpose.
I just don't see this as a risk if care is taken. You may want to say this.
Finally where is the open source code available?
You need a UDP app in transport mode example in App 1. :)
If you get this draft active, I will work on providing that example. ;)
thanks.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
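The sequence-number point above (sending only the low-order 1 or 2 bytes of the ESP SN) can be illustrated with a small constructed example. This is added here for the thread and is not code from the Diet-ESP draft, from the reviewer, or from any implementation; it assumes a 32-bit ESP sequence number, a big-endian encoding of the kept low-order bytes, and a receiver that reconstructs the full SN by picking the candidate nearest to the last SN it accepted. The `observer_sees` helper shows what a passive observer actually learns from the wire: a counter that wraps every 256 or 65536 packets, which is why sensor age does not leak the way a full SN would.

```python
"""Reconstructing an ESP sequence number from its compressed low-order bytes.

Constructed example (not from the Diet-ESP draft or any implementation).
The sender puts only `sn_bytes` least-significant bytes of its 32-bit ESP
sequence number on the wire; the receiver keeps the last full SN it accepted
and picks the candidate full SN that shares those low bytes and is nearest
to it.  Reordered packets slightly behind the last SN and the wrap of the
low-order field are both resolved by that nearest-candidate rule.
"""

SN_BITS = 32  # plain ESP sequence number; the same logic applies to 64-bit ESN


def compress_sn(sn: int, sn_bytes: int) -> bytes:
    """Keep only the low-order `sn_bytes` bytes of the sequence number."""
    mask = (1 << (8 * sn_bytes)) - 1
    return (sn & mask).to_bytes(sn_bytes, "big")


def decompress_sn(lsb: bytes, last_sn: int) -> int:
    """Rebuild the full SN from its low-order bytes and the last accepted SN.

    Three candidates share the received low bytes: one in the previous
    'window' of 2^(8*len(lsb)) values, one in the current window and one in
    the next.  The candidate closest to last_sn is chosen, so a packet a few
    positions behind last_sn (reordering) and a packet just past a wrap of
    the low-order field both decompress to the value the sender used.
    """
    modulus = 1 << (8 * len(lsb))
    low = int.from_bytes(lsb, "big")
    base = last_sn - (last_sn % modulus)  # start of the window holding last_sn
    candidates = [base - modulus + low, base + low, base + modulus + low]
    candidates = [c for c in candidates if 0 <= c < (1 << SN_BITS)]
    return min(candidates, key=lambda c: abs(c - last_sn))


def observer_sees(sn_values, sn_bytes: int):
    """The wire values a passive observer collects: a counter that wraps
    every 2^(8*sn_bytes) packets, so it reveals neither the total number of
    packets sent so far nor the age of the sensor."""
    return [int.from_bytes(compress_sn(sn, sn_bytes), "big") for sn in sn_values]


def demo(sn_bytes: int = 2):
    """Constructed trace: a sensor that has already sent about 70k packets
    continues sending; the receiver recovers every full SN from the
    compressed field.  Returns the recovered sequence numbers."""
    sent = list(range(69998, 70006))
    last_accepted = 69997
    recovered = []
    for sn in sent:
        full = decompress_sn(compress_sn(sn, sn_bytes), last_accepted)
        recovered.append(full)
        last_accepted = max(last_accepted, full)
    return recovered


if __name__ == "__main__":
    print("recovered:", demo())
    print("2-byte wire values around a wrap:", observer_sees([65535, 65536, 65537], 2))
    print("1-byte wire values:", observer_sees(range(254, 259), 1))
```

With 2 bytes the observer's counter restarts every 65536 packets, with 1 byte every 256; the receiver still recovers the full SN as long as it does not fall more than half a window behind the sender, which is the usual trade-off when choosing how many SN bytes to keep for a given sensor's traffic rate.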