IPsec Extensions to Support Robust Header Compression over IPsec
RFC 5858

Note: This ballot was opened for revision 08 and is now closed.

Magnus Westerlund Yes

(Jari Arkko) (was Discuss) No Objection

Comment (2009-12-17)
No email
send info
Neither the abstract or the introduction made it clear whether the header compression is inside or outside IPsec headers. Maybe its obvious for the
authors, but as a reader I would have wanted to see that early on.

> 4. Extensions to IPsec Processing
> 4.1. Addition to the IANA Protocol Numbers Registry

Mixing IANA considerations and behaviour rules.


The document does a poor job of explaining why ICVs are needed.
I think you should add a paragraph about this.

> IPComp and ROHC

I would personally rather just say use one, not both.
Do we need this complexity?

(Ron Bonica) No Objection

(Ross Callon) No Objection

(Ralph Droms) No Objection

(Lisa Dusseault) No Objection

(Lars Eggert) No Objection

(Pasi Eronen) No Objection

Comment (2009-12-09 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
In my opinion, including support for ROHC segmentation (Section 4.3)
is misguided, and unnecessary complexity.  While AH/ESP sequence
numbers could be used in theory to reconstruct the correct segment
sequence, I have doubts that anyone will actually implement this: ROHC
is useful mostly for small packets (where the header is large part of
the total packet) -- but those won't require fragmentation...

(Russ Housley) No Objection

(Cullen Jennings) No Objection

Alexey Melnikov No Objection

(Tim Polk) No Objection

Comment (2009-12-17 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
I suggest spelling out robust header compression once somewhere in the abstract.  It should
be relatively obvious given the document's title, but in isolation the abstract is difficult to sort.

(Dan Romascanu) (was Discuss) No Objection

Comment (2009-12-16 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
The OPS-DIR review performed by Bert Wijnen on version 05 of the document included the following comment: 

> If I understand the document correctly, then a user of this protocol will have to
add additional paramters in the SPD and SAD databases (as defined in RFC4301).
> I do not see any discussion as to what implications (if any) that may have to
existing entries in the databases?. Might that cause interupts to ongoing operations?
Or can existing entries be left untouched and could one choose to just add these
new paramters to new entries in the databases?
> Answers to these questions are probably best added in the document itself.

The answer from the document editor mentioned that: 

> Bert's understanding is correct; we are adding additional parameters to the SPD and SAD databases.  Fortunately, I do not think that these new parameters will cause issues for existing entries in the SPD and SAD.   The additional ROHCoIPsec SPD parameters are simply configured (e.g., along with the other parameters in the SPD).  Based on the these SPD parameters, the ROHCoIPsec SAD parameters will be populated during the initialization/rekey of a child SA (e.g., along with the other SAD parameters).  

I am satisfied with the answer, but I believe that the issue should be documented in the future RFC.

(Robert Sparks) No Objection