IPsec Configuration Policy Information Model
draft-ietf-ipsp-config-policy-model-06
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2003-08-29
|
06 | (System) | This was part of a ballot set with: draft-ietf-ipsp-requirements |
2003-08-29
|
06 | (System) | Ballot writeup text was added |
2003-08-29
|
06 | (System) | Ballot approval text was added |
2003-05-29
|
06 | Natalia Syracuse | State Changes to RFC Ed Queue from Approved-announcement sent by Syracuse, Natalia |
2003-05-21
|
06 | Michael Lee | State Changes to Approved-announcement sent from Approved-announcement to be sent by Lee, Michael |
2003-05-08
|
06 | Jacqueline Hargest | State Changes to Approved-announcement to be sent from IESG Evaluation by Hargest, Jacqueline |
2003-05-08
|
06 | (System) | IESG has approved the document |
2003-05-03
|
06 | Steven Bellovin | Updated I-Ds look good; Bert asked if his DISCUSS is satisfied. |
2003-05-03
|
06 | Steven Bellovin | State Changes to IESG Evaluation from AD Evaluation :: AD Followup by Bellovin, Steve |
2003-03-18
|
06 | Steven Bellovin | Chairs believe that documents are ready for re-evaluation. |
2002-12-12
|
06 | Steven Bellovin | Notified authors of IESG comments. |
2002-12-12
|
06 | Steven Bellovin | State Changes to AD Evaluation :: Revised ID Needed from IESG Evaluation by Bellovin, Steve |
2002-12-02
|
06 | Steven Bellovin | State Changes to IESG Evaluation from Waiting for Writeup by Bellovin, Steve |
2002-11-13
|
06 | Stephen Coya | State Changes to Waiting for Writeup from In Last Call by Coya, Steve |
2002-10-28
|
06 | Jacqueline Hargest | Due date has been changed to 2002-11-11 from by jhargest |
2002-10-28
|
06 | Jacqueline Hargest | State Changes to In Last Call -- 0 from Last Call Requested by jhargest |
2002-10-28
|
06 | Jacqueline Hargest | State Changes to Last Call Requested from AD Evaluation by jhargest |
2002-10-28
|
06 | Steven Bellovin | Waiting for response from authors |
2002-10-28
|
06 | Steven Bellovin | by bellovin |
2002-10-28
|
06 | Steven Bellovin | State Changes to AD Evaluation -- External Party from Last Call Requested by bellovin |
2002-10-28
|
06 | (System) | Last call sent |
2002-10-25
|
06 | Steven Bellovin | The most glaring nit -- and one that will likely cause some pushback from the IESG -- is that the references need to be split … The most glaring nit -- and one that will likely cause some pushback from the IESG -- is that the references need to be split into normative and non-normative. Other nits are the presence of bibliographic citations and some unexpanded acronyms in the abstract. There are some non-ASCII characters in at least the PIB document, and maybe the others. On a more substantive note -- has the PIB been compiled? Is the policy modem supposed to be machine-readable? If so, has it been compiled? There's a new policy that suggests putting a short copyright notice into MIBs, so that a portion can be legally extracted from the RFC and compiled into a product. Should the same be done here? If so, contact Bert Wijnen for the exact wording and location. The kilobyte counters are 32 bits. This seems odd to me; I suspect that they should be 64 bits. We're changing ESP to support a longer packet counter, and to a first approximation the packets in a bulk data flow will be about 1K bytes. I note that a number of MIBs are being revised to use 64-bit counters -- was that decision a conscious choice by the WG? I'm unhappy about the Security Considerations. The policy model document just says "see the policy architeture document". But that document doesn't exist, so far as I know, and it's not in your charter. I'm not thrilled that the PIB document says "use a secure transport", when that isn't defined very well by RFC 2748, but that may be something the IESG has to sort out. I suspect that you should add some text specifically citing the TLS option mentioned in 2748. I'd probably have said "MUST" for transport integrity checking... A more serious issue in that document is that there's too much boilerplate and too little specific analysis. You say that "confidential information" may be revealed. Which elements are the most sensitive that way? You're transporting information about a security protocol; should, say, key lengths be protected? The standard I've been using when evaluating MIB documents is that the authors understand the details better than others will; they should do the analysis for the sensitivity level. (ipSecProposalPrid strikes me as less sensitive than, say, an X.509 cert, given the criteria you outline.) Do you want to include AES in the ESP transforms? |
2002-10-25
|
06 | Steven Bellovin | by bellovin |
2002-10-25
|
06 | Steven Bellovin | State Changes to Last Call Requested from AD Evaluation by bellovin |
2002-10-25
|
06 | Steven Bellovin | KB lifetime should be 64-bit Better security considerations? |
2002-10-25
|
06 | Steven Bellovin | by bellovin |
2002-09-24
|
06 | Steven Bellovin | Intended Status has been changed to Proposed Standard from None |
2002-08-27
|
06 | Steven Bellovin | responsible has been changed to Responsible AD from responsible AD |
2002-08-27
|
06 | Steven Bellovin | State Changes to AD Evaluation from Pre AD Evaluation by bellovin |
2002-08-27
|
06 | Steven Bellovin | responsible has been changed to responsible AD from Unassigned |
2002-08-27
|
06 | Steven Bellovin | Draft Added by bellovin |
2002-08-09
|
06 | (System) | New version available: draft-ietf-ipsp-config-policy-model-06.txt |
2002-02-28
|
05 | (System) | New version available: draft-ietf-ipsp-config-policy-model-05.txt |
2001-11-09
|
04 | (System) | New version available: draft-ietf-ipsp-config-policy-model-04.txt |
2001-07-26
|
03 | (System) | New version available: draft-ietf-ipsp-config-policy-model-03.txt |
2001-03-06
|
02 | (System) | New version available: draft-ietf-ipsp-config-policy-model-02.txt |
2000-07-12
|
01 | (System) | New version available: draft-ietf-ipsp-config-policy-model-01.txt |
2000-03-14
|
00 | (System) | New version available: draft-ietf-ipsp-config-policy-model-00.txt |