Using IPsec to Secure IPv6-in-IPv4 Tunnels
draft-ietf-v6ops-ipsec-tunnels-05
Yes
(David Kessens)
No Objection
(Bill Fenner)
(Dan Romascanu)
(Lars Eggert)
(Lisa Dusseault)
(Magnus Westerlund)
(Mark Townsley)
(Ross Callon)
(Ted Hardie)
Note: This ballot was opened for revision 05 and is now closed.
David Kessens Former IESG member
Yes
Yes
()
Unknown
Bill Fenner Former IESG member
No Objection
No Objection
()
Unknown
Brian Carpenter Former IESG member
(was Discuss)
No Objection
No Objection
(2007-01-18)
Unknown
From Gen-ART reviewer David Black, referring to the -05 version: I suggest that an RFC Editor note be used to insert the following text (much of which Fred Baker wrote) to explain what "modeled as an interface" means: An important consideration in determining whether to use IPsec tunnel mode is whether the IPsec tunnel mode SA is modeled as an interface. This notion of interface is logical - any time a system, host or router, sends a datagram, it has to account for having done so using the RFC 2863 Interface MIB. To do so, the system derives ifIndex from the route entry (see InetCidrRouteEntry in RFC 4292) that it uses to forward the datagram, or from the IpDefaultRouterEntry described in RFC 4293. The management information accessed via the ifIndex is "the interface" from a management and configuration perspective. This text should be inserted immediately following this sentence in Section 5: The IPv6 traffic can be protected using transport or tunnel mode. This will also entail adding informative references to RFCs 2863, 4292 and 4293.
Dan Romascanu Former IESG member
No Objection
No Objection
()
Unknown
Jari Arkko Former IESG member
No Objection
No Objection
(2006-12-14)
Unknown
> The reason threat (1) exists is the lack of widespread deployment of > IPv4 ingress filtering [RFC3704]. I believe it would be more correct to say "lack of universal deployment" -- it is very widely deployed, just not everywhere.
Lars Eggert Former IESG member
No Objection
No Objection
()
Unknown
Lisa Dusseault Former IESG member
No Objection
No Objection
()
Unknown
Magnus Westerlund Former IESG member
No Objection
No Objection
()
Unknown
Mark Townsley Former IESG member
No Objection
No Objection
()
Unknown
Ross Callon Former IESG member
No Objection
No Objection
()
Unknown
Russ Housley Former IESG member
No Objection
No Objection
(2006-12-11)
Unknown
From the SecDir Review by Sean Turner: Section 2, 1st para after numbered items: The RFC 4031 list of security services also includes access control, data origin authentication, rejection of replays, and limited traffic flow confidentiality. Are these not offered? Section 5.2, 2nd to last para: s/bu no inter-/but no inter-/
Sam Hartman Former IESG member
(was Discuss)
No Objection
No Objection
(2006-12-13)
Unknown
Ted Hardie Former IESG member
No Objection
No Objection
()
Unknown