[IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-08.txt
Tero Kivinen <kivinen@iki.fi> Thu, 03 September 2009 09:38 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0B5333A6816 for <ipsec@core3.amsl.com>; Thu, 3 Sep 2009 02:38:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.577
X-Spam-Level:
X-Spam-Status: No, score=-2.577 tagged_above=-999 required=5 tests=[AWL=0.022, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 71EOIVLssRir for <ipsec@core3.amsl.com>; Thu, 3 Sep 2009 02:38:33 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) by core3.amsl.com (Postfix) with ESMTP id B31BE28C107 for <ipsec@ietf.org>; Thu, 3 Sep 2009 02:36:40 -0700 (PDT)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.3/8.13.8) with ESMTP id n839P8DR019296 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ipsec@ietf.org>; Thu, 3 Sep 2009 12:25:08 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.3/8.12.11) id n839P8T3021579; Thu, 3 Sep 2009 12:25:08 +0300 (EEST)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <19103.35700.506013.687392@fireball.kivinen.iki.fi>
Date: Thu, 03 Sep 2009 12:25:08 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: ipsec@ietf.org
In-Reply-To: <20090901160002.0A34B3A7003@core3.amsl.com>
References: <20090901160002.0A34B3A7003@core3.amsl.com>
X-Mailer: VM 7.19 under Emacs 21.4.1
X-Edit-Time: 9 min
X-Total-Time: 13 min
Subject: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-08.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2009 09:38:34 -0000
Internet-Drafts@ietf.org writes: > Title : Wrapped ESP for Traffic Visibility > Author(s) : K. Grewal, et al. > Filename : draft-ietf-ipsecme-traffic-visibility-08.txt > Pages : 15 > Date : 2009-09-01 Found out one more nit in the WESP draft. It now says: Flags, 8 bits: The bits are defined LSB first, so bit 0 would be the least significant bit of the flags octet. and then defines flags from MSB first without specifying bit numbers and those bit numbers based on the picture are 5-7. This is bit confusing. So I propose that you add the explicit bit numbers to the descriptions i.e. add "bits 6-7" to version and "bit 5" to description. On the other hand your picture is using MSB order, i.e. bit number 0 is the most significant bit, and flags is bits 24-31, so it would make sense to define bits inside the flags also in MSB order, i.e. change the text to: ---------------------------------------------------------------------- Flags, 8 bits: The bits are defined MSB first, so bit 0 would be the most significant bit of the flags octet. 2 bits (bits 0-1): Version (V). MUST be sent as 0 and checked by the receiver. If the version is different than an expected version number (e.g. negotiated via the control channel), then the packet must be dropped by the receiver. Future modifications to the WESP header may require a new version number. Intermediate nodes dealing with unknown versions are not necessarily able to parse the packet correctly. Intermediate treatment of such packets is policy-dependent (e.g., it may dictate dropping such packets). 1 bit (bit 2): Encrypted Payload (E). Setting the Encrypted Payload bit to 1 indicates that the WESP (and therefore ESP) payload is protected with encryption. If this bit is set to 0, then the payload is using ESP-NULL cipher. Setting or clearing this bit also impacts the value in the WESP Next Header field, as described above. The recipient MUST ensure consistency of this flag with the negotiated policy and MUST drop the incoming packet otherwise. 5 bits (bits 3-7): Flags, reserved for future use. The flags MUST be sent as 0, and ignored by the receiver. Future documents defining any of these flags MUST NOT affect the distinction between encrypted and unencrypted packets. Intermediate nodes dealing with unknown flags are not necessarily able to parse the packet correctly. Intermediate treatment of such packets is policy-dependent (e.g., it may dictate dropping such packets). ---------------------------------------------------------------------- I am actually not sure if we have properly defined bit order for IETF use. In pictures we use MSB bit first numbering, but in some other places we have used LSB bit numbering (like RFC4306 uses for its flags). If you want to keep LSB bit ordering inside the flags then text would be: ---------------------------------------------------------------------- Flags, 8 bits: The bits are defined LSB first, so bit 0 would be the least significant bit of the flags octet. 2 bits (bits 6-7): Version (V). MUST be sent as 0 and checked by the receiver. If the version is different than an expected version number (e.g. negotiated via the control channel), then the packet must be dropped by the receiver. Future modifications to the WESP header may require a new version number. Intermediate nodes dealing with unknown versions are not necessarily able to parse the packet correctly. Intermediate treatment of such packets is policy-dependent (e.g., it may dictate dropping such packets). 1 bit (bit 5): Encrypted Payload (E). Setting the Encrypted Payload bit to 1 indicates that the WESP (and therefore ESP) payload is protected with encryption. If this bit is set to 0, then the payload is using ESP-NULL cipher. Setting or clearing this bit also impacts the value in the WESP Next Header field, as described above. The recipient MUST ensure consistency of this flag with the negotiated policy and MUST drop the incoming packet otherwise. 5 bits (bits 0-4): Flags, reserved for future use. The flags MUST be sent as 0, and ignored by the receiver. Future documents defining any of these flags MUST NOT affect the distinction between encrypted and unencrypted packets. Intermediate nodes dealing with unknown flags are not necessarily able to parse the packet correctly. Intermediate treatment of such packets is policy-dependent (e.g., it may dictate dropping such packets). -- kivinen@iki.fi
- [IPsec] I-D Action:draft-ietf-ipsecme-traffic-vis… Internet-Drafts
- [IPsec] I-D Action:draft-ietf-ipsecme-traffic-vis… Tero Kivinen