iSNS DHC option comments

In the hopes of encouraging others to do likewise, here are my comments from a review of draft-ietf-dhc-isnsoption-03.txt

(1) If FCIP were to be added, we could run out of space in the DD Access field. I suggest moving the high order octet of Administrative Flags to DD Access and making all of those new DD Access bits RESERVED for future extensibility.

(2) The Security Considerations need to include the exposure to a "bid down" attack on security policy distribution (malicious intermediary weakens the security used) and say that reliance on local policy to avoid unacceptably weak security is the countermeasure.

Plus a few nits:

(3) Section 2.3 - Typo in name of bit 28, Discovrery --> Discovery

(4) The description of the heartbeat should probably talk about the Multicast address to which the heartbeat is sent, as opposed to the current language about where it originates.

(5) Please double check that the PFS bit for security is needed. It looks like it is, as I didn't find anything obvious in a quick scan of RFC 2409 and the DOI (and IANA registry) only has KEY_IKE, and the authentication methods, with nothing to indicate PFS usage.

Thanks,
--David

p.s. I hope to push this draft to a joint ips/dhc WG Last Call shortly after Thanksgiving.

----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953 **NEW** FAX: +1 (508) 293-7786
black_david@emc.com Mobile: +1 (978) 394-7754
----------------------------------------------------
Last updated: Mon Dec 02 15:19:04 2002