Hi Erik, thank for your comments. Please see inline.
> Erik Kline has entered the following ballot position for > draft-ietf-ipsecme-rfc8229bis-07: No Objection > > When responding, please keep the subject line intact and reply to all email > addresses included in the To and CC lines. (Feel free to cut this introductory > paragraph, however.) > > > Please refer to https://www.ietf.org/about/groups/iesg/statements/handling- > ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-ipsecme-rfc8229bis/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > # Internet AD comments for {draft-ietf-ipsecme-rfc8229bis-07} > CC @ekline > > ## Comments > > ### S1.1 > > * In "Cellular Network Access", is there a particular TS number to reference > for this claim about preferring TLS for IWLAN setup? Hm, I believe this is https://www.etsi.org/deliver/etsi_ts/133400_133499/133402/12.05.00_60/ts_133402v120500p.pdf (In particular B.2 is about using TCP/TLS encapsulation). > ### S2 > > * "Implementations MUST support TCP encapsulation on TCP port 4500": > > which implementations, exactly? Only TCP-supporting implementations, or > all IKE/IPsec implementations? Only TCP-supporting. We can change the text: Compliant implementations MUST support TCP encapsulation on TCP port 4500... > ### S6.1,6.3+,7.1,7.3,B.1,B.3,B.4 > > * Can the "IKETCP" be sent in a 7413 Fast Open (say, when reconnecting)? > > Can other IKE initiating messages be included with the SYN? > > Alternatively: are there concerns with use of Fast Open such that it should > be forbidden? I don't see any mention of Fast Open anywhere in this doc, > and I kinda think /something/ should maybe be said, but IANATP... (I am not > a transport person) I immediately see no reason why it should be forbidden, so I think for this reason there is no mention :-) > ### App. A > > * Is there an ALPN that is typically used with TLS? I'm not aware of any typical ALPN for this case. I think the IKETCP prefix serves this purpose here. > ## Nits > > ### S3.1 > > * "MUST close TCP connection" -> "MUST close the TCP connection" > > ### S6.4 > > * "after receiving error notification" -> > "after receiving an error notification"? > > ### S6.7 > > * "stack manages DF bit" -> "stack manages the DF bit" > > ### S9.1 > > * "between all flows" -> "among all flows", perhaps > > ### S10 > > * "Note, that attacker capable to modify" -> > "Note that an attacker able to modify" All fixed in editor's copy. Thank you! > ### Acknowledgements > > * It seems a bit weird for an Author to Acknowledge himself (Tommy Pauly), > but oh well ;-) > > :-) That is that :-) Regards, Valery. _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
