Hi Paul,
Adding Ben (IPsecME AD) and Erik (LWIG AD) to the CC list for an early heads up.
Thanks for reviewing the document. I'll let the authors provide answers to your
review.
On the procedural side of things: this document is within the LWIG charter
(https://datatracker.ietf.org/wg/lwig/cha
On Mon, 22 Mar 2021, Mohit Sethi M wrote:
Adding Ben (IPsecME AD) and Erik (LWIG AD) to the CC list for an early heads up.
Thanks for reviewing the document. I'll let the authors provide answers to your
review.
On the procedural side of things: this document is within the LWIG charter
(https
Paul Wouters writes:
> On Sun, 21 Mar 2021, Daniel Migault wrote:
>
> (replying to some issues here, but also added a full review of the document)
>
> Side note: I am bit confused why this document would not be a document
> from the IPsecME WG ? I know we talked about this before? Did we decide
>
On Mon, 22 Mar 2021, Tero Kivinen wrote:
In general, this draft is very "wordy" because it is trying to steer
itself around a lot of problems, without making firm decisions. But
the point of an RFC is that it should make clear decisions that
implementers can adopt clearly. As such, I'm not in fa
Hi Paul,
A large part of your comments result from a confusion between the use of
SPI in IKE and ESP. This discussion has already been set in [1]. Other
comments currently led to two minor updates in the document that have been
published here [2]. So far I believe your concerns have been addresse
Paul Wouters writes:
> Reading back now, I think with some clarifications added, I am okay
> with the document. I think the list of clarifications we now have is:
I think your list of things to add is mostly ok.
Note, that on some enviroments creating random numbers is possible,
but it takes time
Hi,
To complement my previous response, I have added some text provided by Tero
to clarify the generation of SN from the time. We also added some
explanation around anti replay as well as some more context on the various
constraints different devices may have. We also add some clarification
about
On Fri, 19 Mar 2021, Tommy Pauly wrote:
This implies that the new IKE_SA_INIT is a retry of the same IKE SA. Indeed, at
least for our client, we don’t reset the SA values.
Yes, for a client sure. But for a server there is no guarantee the
client will come back. There is no point in keeping an
