Hi Antony, > > Perhaps, it would be more clear if we also rename the two existing entries. > > For > example: > > > > Transform Type 5 - Anti-Replay Protection Transform IDs > > > > Number Name Reference > > 0 Used with 32-bit SN [RFC7296] > > 1 Used with 64-bit ESN [RFC7296] > > 2 Note Used [this ID] > > 3-65535 Reserved [RFC7296] > > Here is another proposal just trying to make it easier to read. > > Number Name Reference > 0 32-bit SN [RFC7296] [this ID] > 1 64-bit ESN [RFC7296] [this ID] > 2 32-bit Not Used [this ID] > 3-65535 Reserved [RFC7296]
This is similar to what I proposed in the response to Paul: Number Name Reference 0 32-bit Sequential Numbers (SN) [RFC7296] 1 64-bit Sequential Numbers (ESN) [RFC7296] 2 32-bit Arbitrary Numbers (AN) [this ID] 3-65535 Reserved [RFC7296] > > Value 0 means that receivers will receive packets with unique 32-bit SN. > > Value 1 means that receivers will receive packets with unique 64-bit > > ESN, when the upper 32 bits are not transmitted Value 2 meant that receivers > are expected to receive packets with non-unique 32-bit SN, ESN is not > applicable. > > I propose the following change. > > "which means that anti-replay protection is not applicable for the SA." > > "which means that a 32-bit number is sent in the ESP/AH Sequence Number(SN) > field of the packet. It is included as part of the packet integrity check > when an > Integrity Algorithm is chosen. However, on the receiver side, the SN might > not be > strictly monotonic, as specified in Section 3.3.3 of RFC 4303. > Therefore, it SHOULD not be used for anti-replay protection." I would add that it can repeat (perhaps covered by "not strictly monotonic", but it's better to emphasize, IMHO. > > The first two cases are identical to what RFC 4303 and RFC 7296 specify. > > > > Any opinions? Any suggestions for better names? > > Here is another proposal"Not Used" -> '32-bit Unspecified' My concern with > 'Not Used' is that it would still be part of the integrity check, meaning it > is not entirely 'Not Used.' I like '32-bit Unspecified'! Combining with the proposal above: Number Name Reference 0 32-bit Sequential Numbers (SN) [RFC7296] [this ID] 1 64-bit Sequential Numbers (ESN) [RFC7296] [this ID] 2 32-bit Unspecified [this ID] 3-65535 Reserved [RFC7296] And the name of transform can be: "Sequence Number Generation (SNG)" or something like that. Opinions? > > > I appreciate the significant effort that has gone into this I.D., which > > > has been in > > > development for a long time. However, I find that including the renaming > > > within > > > such a lengthy document can be confusing. > > > > Do you have some proposals how to make it clearer? > > ESP with full 64 bit SN, and no SN! I am asking becuse x-mas is coming:) > I’m sympathetic to the time it takes for shorter documents to progress in > our WG :) And I want a pony too :-) Regards, Valery. > -antony _______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
