Thanks, this is useful feedback.

> On Apr 22, 2016, at 05:38, Alan DeKok <[email protected]> wrote:
>
> A short summary:
>
> - many fields are named but not defined
>
> - structures with multiple fields are described, but field order is not defined
>
> - terms are used inconsistently
>
> - the document is silent on critical points
>
>   - how do user logins map to TCP connections? 1-1? 1-N? N-M?
>
>   - can the same session_id be used in multiple TCP connections?
>
> - the general tone seems philosophical: systems "know" things, not prescriptive: systems "do" things.
>
> - edge cases are not discussed
>
>   - what happens with zero-length fields?
>
> - common use-cases aren't described (e.g. inter-site use of the protocol)
>
> - the security considerations section is minimal
>
>   - how do the edge cases affect security?
>
>   - is the TCP connection closed when the key is found to be wrong? If not, why not?
>
>   - what are best practice recommendations for deployment?
>
>   - what impact does inter-site deployment have on security?
>
> As an implementor, I would have to guess at large portions of the protocol, or I would have to read the source to existing implementations. The draft as it stands today can get me ~90% of the way to implementing the protocol, but critical portions are not present.
>
> Alan DeKok.
>
> _______________________________________________
> OPSAWG mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/opsawg
