Last Call Review of draft-ietf-ipsecme-add-ike-09
review-ietf-ipsecme-add-ike-09-opsdir-lc-dhody-2023-03-13-00

# OPSDIR Review of draft-ietf-ipsecme-add-ike-09

Reviewer: Dhruv Dhody
Review Result: Has Issues

I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts. Comments that are not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

The document is clear and well-written. The appendix is useful, thanks for
adding these! It does not have any operational considerations section. It could
be useful to add (to highlight them). There is some text of operational
significance in section 4.

## Major

- There are instances of "attributes MUST NOT be X" but it is not mentioned how
the implementation deals with them when received. Perhaps, a reference to an
existing RFC that has the error handling specified?
    - Service Priority MUST NOT be 0.
    - Num Addresses MUST NOT be 0.
    - The service parameters MUST NOT include "ipv4hint" or "ipv6hint"
    - ...

## Minor

- I think that the "ADN Length" can be 0. Maybe state that explicitly.
- Suggest use of normative MUST below -
OLD:
If the request includes multiple bitwise identical attributes, only the first
occurrence is processed, and the rest SHOULD be ignored by the responder. NEW:
If the request includes multiple bitwise identical attributes, only the first
occurrence MUST be processed, and the rest SHOULD be ignored by the responder.
END - Maybe you can explicitly state that there is no padding for ADN? -
Suggest adding references for the port numbers in section 3.1. - Should this
text in Section 3.2 "Note that SHA2-256 is mandatory to implement." use
Normative MUST? Note that you do use it in Section 5.

Thanks!
Dhruv