Opsdir telechat review of draft-ietf-ipsecme-tcp-encaps-00

Reviewer: Mahesh Jethanandani
Review result: Ready

I have reviewed this document as part of the Operational
directorate’s ongoing effort to review all IETF documents being
processed by the IESG.  These comments were written with the intent of
improving the operational aspects of the IETF drafts. Comments that
are not addressed in last call may be
included in AD reviews during the IESG review.  Document editors
and WG chairs should treat these comments just like any other last
call comments.

Document reviewed:  draft-ietf-ipsecme-tcp-encaps-09

Summary: 

This document defines a method for encapsulating both the IKE control
messages as well as the IPsec data messages within a TCP connection.

Document Status:

Ready.

Comments:

The following comments look at the document both from an operational
perspective as well as a management perspective. 

Operational Considerations:

Operational considerations include installation and initial setup,
migration path, requirements on other protocols, impact on network
operations and verification of correct operation.

The document has adequately addressed issues related to initial setup,
migration path from using UDP over port 500, to port 4500 to using
TCP.

Management Considerations:

Management considerations include interoperability, fault management,
configuration management, accounting, performance and security.

Already acknowledged that there is a performance impact in carrying IKE
and IPsec data messages over TCP. This includes limitation of message
lengths to UDP datagram ESP payload lengths, further impacting the
performance of the encapsulation method.

Document talks about reconfiguration of TCP encapsulation on both the
TCP Originator and TCP Responder. That includes configuration of ports
the Responder will listen on.

A run of idnits returns the following warnings:

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'Appendix A' is mentioned on line 305, but not defined

  == Missing Reference: 'Section 4' is mentioned on line 363, but not defined

  == Missing Reference: 'ChangeCipherSpec' is mentioned on line 922, but not
     defined

  == Missing Reference: 'CERTREQ' is mentioned on line 765, but not defined

  == Missing Reference: 'CERT' is mentioned on line 770, but not defined

  == Missing Reference: 'CP' is mentioned on line 814, but not defined


     Summary: 0 errors (**), 0 flaws (~~), 6 warnings (==), 1 comment (--).




