Document: draft-ietf-ipsec-ikev2-14
Reviewer: Scott W Brim
Date: June 8, 2004

This draft is good and is ready for Proposed Standard. I'm not a security wiz and I can only comment on the principles and the details, not the usefulness of particular algorithms or semantics, but I don't see any gotchas. I have some editorial nits to pick but imho they aren't significant enough to rate even a Discuss, and shouldn't keep it from being progressed. The nits are not in any of the protocol mechanisms, just in presentation and optional further discussion. It still says 2026, but the RFC editor will clean that up along with single spacing and such. If the document gets opened up again for some reason, consider these as suggestions to the editor ...

The following are editorial nits.

"IKE performs mutual authentication between two parties and establishes an IKE security association that includes shared secret information that can be used to efficiently establish SAs for ESP [RFC2406] and/or AH [RFC2402] and a set of cryptographic algorithms"
- After the first instance of security association, put "(SA)" in parentheses.

"The first request/response of an IKE session negotiates security parameters for the IKE_SA, sends nonces, and sends Diffie-Hellman values. We call the initial exchange IKE_SA_INIT (request and response)."
- Up above you already called it IKE_SA_INIT, so just say "IKE_SA_INIT negotiates security parameters ..."
- Similarly for the next paragraph ("The second request/response, which we'll call IKE_AUTH transmits identities, ...")

"To simplify the descriptions that follow by allowing the use of gender specific personal pronouns, the initiator is assumed to be named "Alice" and the responder "Bob"."
- except that they then immediately simply use initiator and responder, and later use the pronouns some of the time but with "the initiator" as often as with "Alice". Alice and Bob appear infrequently later on in the document, after a gap, and the reader has to remember to translate them into initiator and responder. I would prefer just initiator and responder rather than having to interpret Alice and Bob the few times they are used. If the pronoun "it" is ambiguous in a particular situation, don't use it.

Section 2.4 (end): "An IKE endpoint may at any time delete inactive CHILD_SAs to recover resources used to hold their state. If an IKE endpoint chooses to do so, it MUST send Delete payloads to the other end notifying it of the deletion."
- not clear that "to do so" means deleting an inactive CHILD_SA.

Section 2.9, re differences in configuration of acceptable address ranges.
- Have they thought about whether these incompatibilities SHOULD be logged?

The rest of it is very well groomed.

Scott