First read-through.

Is there an implementation of this draft?

Obviously, it being last published in '19, some drafts are now RFCs and thus need updating.

Page 5 at top:

Non ESP fields may be compressed by ESP under
   certain circumstances, but EHC is not intended to provide a generic
   way outside of ESP to compress these protocols.

How does EHC work with SCHC CoAP compression, RFC 8824?  I would think this is a must work with...

   As depicted in Figure 1, the EHC Strategy - Diet-ESP in our case -
   and the EHC Context are agreed upon between the two peers, e.g.
   during key exchange.  The EHC Rules are to be implemented on the
   peers and do not require further agreement.

Can the EHC Strategy, Context, and Rules be static between two hosts?  This is of interest to me with Network Remote ID where these will always be the same (I think so far) between the UA and Service Provider.

In fact if aligned with SCHC, static is the norm which can be overridden during a key exchange.  This approach would allow the key exchange to be unmodified to support diet-esp.

   With EHC, the agreement of the level or occurrence of compression is
   left the negotiation protocol (e.g.  IKEv2), contradicting the
   signalization of the level of compression for a certain packet send
   over the wire.

This is a sentence fragment and I don't get what is being said here.  Taking out the comma delimited:

   With EHC, contradicting the
   signalization of the level of compression for a certain packet send
   over the wire.

?

This
   leads to multiple SAs, and thus, multiple SPIs for different levels
   of compression agreed with the EHC Context.

This can lead to multiple...

I think

   If the sender detects the de-compression can not be guaranteed with a
   given EHC Context and EHC Strategy, it MUST NOT apply compression.

If the sender detects that the de-

?

Made it through sec 6, stopping for now at 6.1 where I will continue Monday?

I see that with ESP Next Header compression and only UDP in the SA, that SCHC for UDP is not needed so don't need an IP Protocol number for SCHC here.  But what about SCHC for CoAP over UDP?

Anyway, stopping for now.  More, I suspect, later.

Oh, and NIST is having their 4th LWC workshop M-W, so I am busy with that too!

Bob

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
