internet-dra...@ietf.org writes:
> Internet-Draft draft-ietf-ipsecme-multi-sa-performance-04.txt is now
> available. It is a work item of the IP Security Maintenance and Extensions
> (IPSECME) WG of the IETF.
>
> Title: IKEv2 support for per-resource Child SAs
This seems to cover my comments until section 5, but does not cover
the changes for section 5.1, 6, and 9. Is there some issues with those
comments?
----------------------------------------------------------------------
In section 5.1 you say that Protocol id MUST contain either 2 for AH
and 3 for ESP, but on the RFC7296 says that "If the SPI field is
empty, this field MUST be sent as zero and MUST be ignored on
receipt." and as this notify is sent with empty SPI field, then the
Protocol ID field MUST be 0 also.
--
In section 5.1 add text saying that SPI Size MUST be zero.
--
In section 5.1 fix s/opague/opaque/ twice.
--
In section 6 there is text saying:
If the IKEv2 extension defined in this document is negotiated with
the peer, an implementation which does not support receiving
per-CPU packet trigger messages MAY initiate all its Child SAs
immediately upon receiving the (only) packet trigger message it
will receive from the IPsec stack.
On the other hand there is no negotiation of the this extension. What
is this text trying to say? Perhaps simply remove change to say "If an
implementation does not support ... it MAY ..."
--
Section 9 the correct heading for the IANA registries 2nd column are
Notify Messages - Status Types
and
Notify Messages - Error Types
Currently the figure 2 is using status type header and even that does
not match iana registry.
--
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
