[Now with the right address] I just finished reading this document. Some comments below.
- You have a uniform 16 bit length field followed by a 4 byte all-zeros sentinel value to indicate that a packet is IKE rather than ESP. Given that in S 3 graf 2 you have a SHOULD-level requirement to use typical UDP payload lengths, why not instead explicitly limit lengths to 15 bits and use the top bit to indicate IKE versus ESP. This would be slightly more efficient and seems simpler. I suppose that the counterargument is that IKE over UDP behaves differently, but in terms of implementation, that doesn't seem like much of an argument.

- If you're going to have a framing disambiguator, why not choose one that has higher entropy. If there is a protocol with a random start, then you are going to get some collisions with 2^48 bits.

- It seems like IKE associations can span TCP connections (S 6), so why not, instead of doing UDP first then TCP, do happy eyeballs.

- "When TLS is used on the TCP connection, both the TCP Originator and TCP Responder SHOULD allow the NULL cipher to be selected for performance reasons." This seems like you are going to have some problems with TLS 1.3.

- If you are going to use TLS, shouldn't you be using ALPN?

Feel free to tell me that these ideas have been considered and rejected. :)

-Ekr
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
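The first comment above concerns how IKE and ESP records are told apart on a single TCP stream: a 16-bit length field followed, for IKE only, by four zero bytes (the alternative proposed is a 15-bit length with the top bit marking IKE). The following is an added example, written for this page and not taken from the draft, the mailing-list thread, or any IKE implementation. It implements both framings side by side with an incremental demultiplexer that tolerates arbitrary TCP segmentation. Assumptions made here: the length field counts every byte that follows it (including the zero marker), the marker is tested against the first four bytes of the record, and the sample IKE header and ESP packet are constructed for the demo. The zero marker works for ESP because an ESP packet begins with its SPI, and SPI 0 is reserved and never sent on the wire.

```python
"""Added example: IKE/ESP demultiplexing on one TCP stream, two framings."""
import struct

# 4-byte all-zeros "non-ESP marker" described in the message above.
NON_ESP_MARKER = b"\x00\x00\x00\x00"

# Constructed samples (not captured traffic).
# IKEv2 header: SPIi, SPIr, next payload=SA(33), version 2.0, IKE_SA_INIT(34),
# flags=initiator, message id 0, length 28.
SAMPLE_IKE = (b"\x11" * 8 + b"\x00" * 8
              + bytes([33, 0x20, 34, 0x08])
              + struct.pack("!I", 0) + struct.pack("!I", 28))
# ESP packet: SPI 0x0000ABCD (non-zero), seq 1, 16 bytes of placeholder ciphertext.
SAMPLE_ESP = struct.pack("!II", 0x0000ABCD, 1) + b"\xAA" * 16


def frame_with_marker(payload: bytes, is_ike: bool) -> bytes:
    """Draft-style record: 16-bit length, then the 4-byte marker for IKE only.
    Assumption: the length counts every byte after the length field."""
    body = (NON_ESP_MARKER if is_ike else b"") + payload
    if len(body) > 0xFFFF:
        raise ValueError("record too long for a 16-bit length")
    return struct.pack("!H", len(body)) + body


def frame_with_top_bit(payload: bytes, is_ike: bool) -> bytes:
    """Alternative from the message: 15-bit length, top bit set for IKE, no marker."""
    if len(payload) > 0x7FFF:
        raise ValueError("record too long for a 15-bit length")
    return struct.pack("!H", len(payload) | (0x8000 if is_ike else 0)) + payload


class StreamDemuxer:
    """Feed arbitrary TCP chunks; get back ("ike"|"esp", payload) records.

    Bytes of an incomplete record stay buffered until the rest arrives, so the
    caller never has to align reads with record boundaries.
    """

    def __init__(self, mode: str = "marker") -> None:
        if mode not in ("marker", "top_bit"):
            raise ValueError("mode must be 'marker' or 'top_bit'")
        self.mode = mode
        self.buf = bytearray()

    def feed(self, data: bytes) -> list:
        self.buf += data
        records = []
        while len(self.buf) >= 2:
            (hdr,) = struct.unpack("!H", self.buf[:2])
            length = hdr if self.mode == "marker" else hdr & 0x7FFF
            if len(self.buf) < 2 + length:
                break  # wait for the rest of this record
            body = bytes(self.buf[2:2 + length])
            del self.buf[:2 + length]
            if self.mode == "marker":
                if body.startswith(NON_ESP_MARKER):
                    records.append(("ike", body[4:]))
                else:
                    records.append(("esp", body))
            else:
                records.append(("ike" if hdr & 0x8000 else "esp", body))
        return records


def demo() -> dict:
    """Run both framings over a byte-at-a-time stream; return parsed records."""
    results = {}
    for mode, framer in (("marker", frame_with_marker),
                         ("top_bit", frame_with_top_bit)):
        wire = framer(SAMPLE_IKE, True) + framer(SAMPLE_ESP, False)
        demux = StreamDemuxer(mode)
        records = []
        for i in range(len(wire)):          # worst-case segmentation
            records += demux.feed(wire[i:i + 1])
        results[mode] = records
    return results


if __name__ == "__main__":
    for mode, records in demo().items():
        print(mode, [(kind, len(payload)) for kind, payload in records])
```

The top-bit variant saves four bytes per IKE record and one branch in the parser, at the cost of capping records at 32767 bytes; the marker variant keeps the full 16-bit range but relies on the SPI-0 reservation rather than an explicit flag.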