On Mon, 29 Apr 2024, Mahesh Jethanandani via Datatracker wrote:
From an operational perspective, the shepherd write-up brought up the question of how this draft would be operationalized. In other words, is there an augment of the existing YANG model planned that would update the model to add the ability to configure multiple SAs? If not, how does a user specify their interest in enabling this feature?
For those without yang it is obviously operationalizable. But yes perhaps it could be added to the IPsec/IKEv2 yang module. That module currently has errors and is also missing PQ related items (intermediate exchange, hybrid exchange, etc etc). I think this item here is minor compared to the other items, so perhaps a bis document for RFC9061 would be the right place to add this. I know some people were discussing doing a bis for this because there are also some errors in the current yang module.
No reference entries found for these items, which were mentioned in the text: [TBD2] and [TBD1].
These are for the new IANA entries this document is requesting.
Reference [RFC6982] to RFC6982, which was obsoleted by RFC7942 (this may be on purpose).
This is fair, and we could update it to RFC7942 but ofcourse the entire section including the number will be removed as part of the RFC Editing :) Anyway, staged for the next version.
Section 1.2, paragraph 1n initial IKEv2 exchange is used to setup an IKE SA and the initial Child SA. ^^^^^The verb "set up" is spelled as two words. The noun "setup" is spelled as one.
Staged.
Section 2, paragraph 1he Exchange negotiating the Child SA (eg IKE_AUTH or CREATE_CHILD_SA). If thi ^^The abbreviation "e.g." (= for example) requires two periods.
Staged all occurances.
Section 4, paragraph 3ed on the trigger TSi entry, an implementations can select the most optimal t ^^^^^^^^^^^^^^^^^^The plural noun "implementations" cannot be used with the article "an". Did you mean "an implementation" or "implementations"?
Staged.
Section 6, paragraph 2he inbound SA and outbound SA independently from each other. It is likely tha ^^^^^^^^^^^^^^^^^^The usual collocation for "independently" is "of", not "from". Did you mean "independently of"?
Staged.
Section 6, paragraph 4elonging to a specific resource. The notify data SHOULD NOT be an identifier ^^^^^^^^^^The verb "notify" does not usually follow articles like "The". Check that "notify" is spelled correctly; using "notify" as a noun may be non-standard.
It is "the (notify) data", so that is a false positive.
Section 8, paragraph 4the ESP flow, to a specific Q or CPU e.g ethtool ntuple configuration. The SP ^^^The abbreviation "e.g." (= for example) requires two periods.
Staged. Paul _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
