IPsec Extensions to Support Robust Header Compression over IPsec
draft-ietf-rohc-ipsec-extensions-hcoipsec-08

[Ballot comment]
Neither the abstract or the introduction made it clear whether the header compression is inside or outside IPsec headers. Maybe its obvious for the
authors, but as a reader I would have wanted to see that early on.

> 4. Extensions to IPsec Processing
>
> 4.1. Addition to the IANA Protocol Numbers Registry

Mixing IANA considerations and behaviour rules.

> ICV

The document does a poor job of explaining why ICVs are needed.
I think you should add a paragraph about this.

> IPComp and ROHC

I would personally rather just say use one, not both.
Do we need this complexity?

[Ballot discuss]
The document says:

      Case 1: Original (cleartext) packet is IPv4 and has the DF
              bit set.  The implementation should discard the packet
              and send a PMTU ICMP message.
  ...

  For ROHCoIPsec, Cases 1 and 3, and the post-encryption fragmentation
  for Case 2 are employed.

This seems wrong. You are fragment over the unreliable Internet packets
for which DF was set to 1.

[Ballot comment]
Neither the abstract or the introduction made it clear whether the header compression is inside or outside IPsec headers. Maybe its obvious for the
authors, but as a reader I would have wanted to see that early on.

> 4. Extensions to IPsec Processing
>
> 4.1. Addition to the IANA Protocol Numbers Registry

Mixing IANA considerations and behaviour rules.

> ICV

The document does a poor job of explaining why ICVs are needed.
I think you should add a paragraph about this.

> IPComp and ROHC

I would personally rather just say use one, not both.
Do we need this complexity?

[Ballot comment]
Neither the abstract or the introduction made it clear whether the header compression is inside or outside IPsec headers. Maybe its obvious for the
authors, but as a reader I would have wanted to see that early on.

> 4. Extensions to IPsec Processing
>
> 4.1. Addition to the IANA Protocol Numbers Registry

Mixing IANA considerations and behaviour rules.

[Ballot comment]
Neither the abstract or the introduction made it clear whether the header compression is inside or outside IPsec headers. Maybe its obvious for the
authors, but as a reader I would have wanted to see that early on.

[Ballot comment]
I suggest spelling out robust header compression once somewhere in the abstract.  It should
be relatively obvious given the document's title, but in isolation the abstract is difficult to sort.

[Ballot comment]
The OPS-DIR review performed by Bert Wijnen on version 05 of the document included the following comment:

> If I understand the document correctly, then a user of this protocol will have to
add additional paramters in the SPD and SAD databases (as defined in RFC4301).

> I do not see any discussion as to what implications (if any) that may have to
existing entries in the databases?. Might that cause interupts to ongoing operations?
Or can existing entries be left untouched and could one choose to just add these
new paramters to new entries in the databases?

> Answers to these questions are probably best added in the document itself.

The answer from the document editor mentioned that:

> Bert's understanding is correct; we are adding additional parameters to the SPD and SAD databases.  Fortunately, I do not think that these new parameters will cause issues for existing entries in the SPD and SAD.  The additional ROHCoIPsec SPD parameters are simply configured (e.g., along with the other parameters in the SPD).  Based on the these SPD parameters, the ROHCoIPsec SAD parameters will be populated during the initialization/rekey of a child SA (e.g., along with the other SAD parameters). 

I am satisfied with the answer, but I believe that the issue should be documented in the future RFC.

[Ballot discuss]
The OPS-DIR review performed by Bert Wijnen on version 05 of the document included the following comment:

> If I understand the document correctly, then a user of this protocol will have to
add additional paramters in the SPD and SAD databases (as defined in RFC4301).

> I do not see any discussion as to what implications (if any) that may have to
existing entries in the databases?. Might that cause interupts to ongoing operations?
Or can existing entries be left untouched and could one choose to just add these
new paramters to new entries in the databases?

> Answers to these questions are probably best added in the document itself.

I do not see this addressed in version 06. Am I missing something? Was this comment addressed at all?

[Ballot comment]
In my opinion, including support for ROHC segmentation (Section 4.3)
is misguided, and unnecessary complexity.  While AH/ESP sequence
numbers could be used in theory to reconstruct the correct segment
sequence, I have doubts that anyone will actually implement this: ROHC
is useful mostly for small packets (where the header is large part of
the total packet) -- but those won't require fragmentation...

IANA comments:

Upon approval of this document, IANA will make the following
assignment in the "Assigned Internet Protocol Numbers" registry at
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

Decimal Keyword Protocol Reference
TBD ROHC ROHC [RFC-rohc-ipsec-extensions-hcoipsec-05]

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?

Carl Knutsson is the Document Shepherd. The document has
been personally reviewed by Document Shepherd and is ready
to be published as a Proposed Standard.

(1.b) Has the document had adequate review both from key WG members
and from key non-WG members? Does the Document Shepherd have
any concerns about the depth or breadth of the reviews that
have been performed?

Yes, it has been reviewed by members of both ipsecme and
rohc WGs. The Document Shepherd have no concerns about the
depth or breadth of the reviews.

(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective,
e.g., security, operational complexity, someone familiar with
AAA, internationalization or XML?

No concerns.

(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document, or
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those
concerns here. Has an IPR disclosure related to this document
been filed? If so, please include a reference to the
disclosure and summarize the WG discussion and conclusion on
this issue.

No concerns.

(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and
agree with it?

There is a strong consensus behind the document.

(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in
separate email messages to the Responsible Area Director. (It
should be in a separate email because this questionnaire is
entered into the ID Tracker.)

No conflicts or display of extreme discontent.

(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See
http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/). Boilerplate checks are
not enough; this check needs to be thorough. Has the document
met all formal review criteria it needs to, such as the MIB
Doctor, media type and URI type reviews?

Yes.

(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

Yes, No.

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body
of the document? If the document specifies protocol
extensions, are reservations requested in appropriate IANA
registries? Are the IANA registries clearly identified? If
the document creates a new registry, does it define the
proposed initial contents of the registry and an allocation
procedure for future registrations? Does it suggest a
reasonable name for the new registry? See [RFC5226]. If the
document describes an Expert Review process has Shepherd
conferred with the Responsible Area Director so that the IESG
can appoint the needed Expert during the IESG Evaluation?

Yes.

(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly in
an automated checker?

Yes.

(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Write-Up? Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary

Integrating ROHC with IPsec (ROHCoIPsec) offers the combined
benefits of IP security services and efficient bandwidth
utilization. This document describes the IPsec extensions to
the Security Policy Database (SPD) and the Security
Association Database (SAD) required to support ROHCoIPsec.

Working Group Summary

The document represents rough consensus of the working group.

Document Quality

The document have been reviewed extensively by both members
from the ipsecme and the rohc working groups. During the WG
Last-Call the document was reviewed by the committed WG
reviewers Robert A. Stangarone Jr. and Yoav Nir.