Document: draft-ietf-ipsec-esp-v3-09.txt Review: Brian E Carpenter Date: 5 januari 2005 I think this is ready, but I do have two concerns and there are nits. > 2. Encapsulating Security Payload Packet Format ... > ESP does not contain a version number, therefore if there are > concerns about backward compatibility, they MUST be addressed by > using a signaling mechanism between the two IPsec peers to ensure > compatible versions of ESP, e.g., IKE or an out-of-band > configuration > mechanism. I'm a bit concerned that there are backwards-incompatible requirements (e.g. new padding support) but no version number. For product support and widespread deployment, this looks like a nightmare. In fact, I don't see how to handle it if a server has to talk to some unknown clients that support v3 and some that don't. Since the clients are unknown, configuration is impossible. It puts an even bigger burden on IKE. I'm naive about cryptography, but this paragraph in section 2.4 raises a question in my mind: > If Padding bytes are needed but the encryption algorithm does not > specify the padding contents, then the following default processing > MUST be used. The Padding bytes are initialized with a series of > (unsigned, 1-byte) integer values. The first padding byte appended > to the plaintext is numbered 1, with subsequent padding bytes making > up a monotonically increasing sequence: 1, 2, 3, ... When this > padding scheme is employed, the receiver SHOULD inspect the Padding > field. (This scheme was selected because of its relative > simplicity, > ease of implementation in hardware, and because it offers limited > protection against certain forms of "cut and paste" attacks in the > absence of other integrity measures, if the receiver checks the > padding values upon decryption.) I thought it was considered a Bad Thing cryptographically to have any kind of predictable sequence in the plaintext - yet this mandates a highly predictable sequence. Nits: idnits 1.58 tmp/draft-ietf-ipsec-esp-v3-09.txt: Checking nits according to http://www.ietf.org/ID-Checklist.html : * The document seems to lack an IANA Considerations section. Checking conformance with RFC 3667/3668 boilerplate... * The document claims conformance with section 10 of RFC 2026, but uses some RFC 3667/3668 boilerplate. As RFC 3667/3668 replaces section 10 of RFC 2026, you should not claim conformance with it if you have changed to using RFC 3667/3668 boilerplate. * The document seems to lack an RFC 3668 Section 5, para 1 IPR Disclosure Acknowledgement -- however, there's a paragraph with a matching beginning. Boilerplate error? * The document seems to lack an RFC 3668 Section 5, para 2 IPR Disclosure Acknowledgement. * The document seems to lack an RFC 3668 Section 5, para 3 IPR Disclosure Invitation -- however, there's a paragraph with a matching beginning. Boilerplate error? ( - It does however have an RFC 2026 Section 10.4(B) IPR Disclosure Invitation.) * There are 35 instances of too long lines in the document, the longest one being 4 characters in excess of 72. Checking nits according to http://www.ietf.org/ietf/1id-guidelines.txt : * The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. * The document seems to lack a 1id_guidelines paragraph about 6 months document validity. * The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts -- however, there's a paragraph with a matching beginning. Boilerplate error? Miscellaneous warnings: - There are 9 instances of lines with hyphenated line breaks in the document. - Line 347 has weird spacing: '...t Integ is...' - Line 376 has weird spacing: '...t Integ is...' - Line 380 has weird spacing: '... plain p...' - Line 386 has weird spacing: '... cipher d...' Run idnits with the --verbose option for more detailed information.