Re: [IPsec] AD review of draft-ietf-ipsecme-esp-null-heuristics-03

2010-01-28 Thread Pasi.Eronen
> Ok, I will send a new one now (hopefully I do not need to update xml2rfc
> again this time, I did it already yesterday :-)

Thanks -- I've now asked the secretariat to start the IETF Last Call.

Best regards,
Pasi
___ IPsec mailing list IPsec@ietf.org htt

Re: [IPsec] AD review of draft-ietf-ipsecme-esp-null-heuristics-03

2010-01-28 Thread Tero Kivinen
pasi.ero...@nokia.com writes:
> I'm OK with either one (but AH is a very stable and mature protocol,
> so while it's not as widely used, I would expect the level of testing
> has been quite substantial...).

I think I last tested AH in interop events in San Diego interop 2000 or so. We might have d

Re: [IPsec] AD review of draft-ietf-ipsecme-esp-null-heuristics-03 -- TCP flags

2010-01-28 Thread Tero Kivinen
Alfred Hönes writes:
> and later:
>
>[...] Routers MUST NOT drop
> packets merely because one or more of these reserved bits has a
> non-zero value.

This and Pasi's comments were strong enough, so I removed offending check of

Re: [IPsec] AD review of draft-ietf-ipsecme-esp-null-heuristics-03

2010-01-28 Thread Pasi.Eronen
Tero Kivinen wrote:
> > > > - Section 2.1, suggesting that AH might have more bugs doesn't
> > > > sound
> > > > like an argument that belongs in this document.
> > >
> > > It was one of the arguments which was given when people said why
> > > they do not want to use AH.
> >
> > Nevertheless, as i

Re: [IPsec] AD review of draft-ietf-ipsecme-esp-null-heuristics-03

2010-01-28 Thread Tero Kivinen
pasi.ero...@nokia.com writes:
> Tero Kivinen wrote:
>
> > > - Section 8.1: AUTH_HMAC_MD5_128 and AUTH_HMAC_SHA1_160 are not
> > > defined for IPsec ESP; these algorithms apply only to the
> > > FiberChannel security protocols. So they should be removed from
> > > this list (and since this was the

Re: [IPsec] AD review of draft-ietf-ipsecme-esp-null-heuristics-03

2010-01-28 Thread pasi.ero...@nokia.com
Tero Kivinen wrote:
> > - Section 8.1: AUTH_HMAC_MD5_128 and AUTH_HMAC_SHA1_160 are not
> > defined for IPsec ESP; these algorithms apply only to the
> > FiberChannel security protocols. So they should be removed from
> > this list (and since this was the only algorithm with 160-bit ICV,
> > handl

Re: [IPsec] AD review of draft-ietf-ipsecme-esp-null-heuristics-03 -- TCP flags

2010-01-27 Thread Alfred Hönes
Regarding Pasi's comment on TCP header flags:
> - Appendix A.2, "Verify TCP": the bits that are currently reserved
> might get allocated in the future (and half of the bits that were
> reserved in RFC 793 have been since allocated -- so it's not very
> clear exactly what "TCP.reserved_bits"

[IPsec] AD review of draft-ietf-ipsecme-esp-null-heuristics-03

2010-01-27 Thread Tero Kivinen
pasi.ero...@nokia.com writes:
> I've now done my AD review for the heuristics draft. Mostly the draft
> looks good, and all my comments are relatively minor. Least-minor
> first:
>
> - Appendix A.1: The pseudocode has a couple of places where it says
> "Drop invalid packet"; it seems these are wrong

[IPsec] AD review of draft-ietf-ipsecme-esp-null-heuristics-03

2010-01-27 Thread Pasi.Eronen
I've now done my AD review for the heuristics draft. Mostly the draft looks good, and all my comments are relatively minor. Least-minor first:

- Appendix A.1: The pseudocode has a couple of places where it says "Drop invalid packet"; it seems these are wrong when the packet is UDP encapsulated (this