A short summary:

- many fields are named but not defined
- structures with multiple fields are described, but field order is not defined
- terms are used inconsistently
- the document is silent on critical points
  - how do user logins map to TCP connections? 1-1? 1-N? N-M?
  - can the same session_id be used in multiple TCP connections?
- the general tone seems philosophical: systems "know" things, not prescriptive: systems "do" things.
- edge cases are not discussed
  - what happens with zero-length fields?
- common use-cases aren't described (e.g. inter-site use of the protocol)
- the security considerations section is minimal
  - how do the edge cases affect security?
  - is the TCP connection closed when the key is found to be wrong? If not, why not?
  - what are best practice recommendations for deployment?
  - what impact does inter-site deployment have on security?

As an implementor, I would have to guess at large portions of the protocol, or I would have to read the source to existing implementations. The draft as it stands today can get me ~90% of the way to implementing the protocol, but critical portions are not present.

Alan DeKok.

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
