
    iSNS DHC option comments



    In the hopes of encouraging others to do likewise, here
    are my comments from a review of draft-ietf-dhc-isnsoption-03.txt
    
    (1)  If FCIP were to be added, we could run out of space in
    the DD Access field.  I suggest moving the high order octet
    of Administrative Flags to DD Access and making all of
    those new DD Access bits RESERVED for future extensibility.
    
    (2) The Security Considerations need to include the exposure
    to a "bid down" attack on security policy distribution (malicious
    intermediary weakens the security used) and say that reliance on
    local policy to avoid unacceptably weak security is the
    countermeasure.
    
    Plus a few nits:
    
    (3) Section 2.3 - Typo in name of bit 28, Discovrery --> Discovery
    
    (4) The description of the heartbeat should probably talk about
    the Multicast address to which the heartbeat is sent, as opposed
    to the current language about where it originates.
    
    (5) Please double check that the PFS bit for security is needed.
    It looks like it is, as I didn't find anything obvious in a quick
    scan of RFC 2409 and the DOI (and IANA registry) only has KEY_IKE,
    and the authentication methods, with nothing to indicate PFS usage.
    
    Thanks,
    --David
    
    p.s.  I hope to push this draft to a joint ips/dhc WG Last Call
    	shortly after Thanksgiving.
    
    ----------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 176 South St., Hopkinton, MA  01748
    +1 (508) 293-7953 **NEW**     FAX: +1 (508) 293-7786
    black_david@emc.com        Mobile: +1 (978) 394-7754
    ----------------------------------------------------
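
Comment (2) above names reliance on local policy as the countermeasure to a "bid down" attack on security policy distribution. The following is an added example, not part of the original message or the draft: a client compares security flags received over DHCP with a locally configured floor and refuses anything weaker. The flag names, bit values and sample inputs are hypothetical and are not the draft's field layout.

```python
# Hypothetical flag values for illustration only; these are NOT the bit
# positions defined in draft-ietf-dhc-isnsoption.
IPSEC_ENABLED = 0x01
IKE_MAIN_MODE = 0x02
PFS = 0x04
NAMES = {IPSEC_ENABLED: "IPSEC_ENABLED", IKE_MAIN_MODE: "IKE_MAIN_MODE", PFS: "PFS"}


def missing_protections(received, local_floor):
    """Names of protections the local floor requires but the option omits."""
    missing = local_floor & ~received
    return [name for bit, name in NAMES.items() if missing & bit]


def accept_policy(received, local_floor):
    """Return the flags to use, or None when they fall below the local floor.

    The DHCP-delivered value is treated as a hint that may raise security
    above the floor but can never lower it, so clearing bits in transit
    leads to refusal instead of a silently weaker configuration.
    """
    if missing_protections(received, local_floor):
        return None
    return received


# Constructed sample values (not captured traffic).
SERVER_SENT = IPSEC_ENABLED | IKE_MAIN_MODE | PFS   # what the server intended
TAMPERED = IPSEC_ENABLED                            # bits cleared by an intermediary
LOCAL_FLOOR = IPSEC_ENABLED | PFS                   # locally configured minimum

if __name__ == "__main__":
    for label, flags in (("as sent", SERVER_SENT), ("tampered", TAMPERED)):
        result = accept_policy(flags, LOCAL_FLOOR)
        if result is None:
            print(label, "REJECTED, missing:", missing_protections(flags, LOCAL_FLOOR))
        else:
            print(label, "accepted, flags = 0x%02x" % result)
    # With no local floor, the weakened value is accepted without complaint,
    # which is the exposure the comment asks the draft to document.
    print("no floor:", accept_policy(TAMPERED, 0))
```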
    



Last updated: Mon Dec 02 15:19:04 2002