# OPSDIR Review of draft-ietf-ipsecme-add-ike-09

Reviewer: Dhruv Dhody
Review Result: Has Issues

I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review.  Document editors and WG chairs should treat these comments just like any other last call comments. 

The document is clear and well-written. The appendix is useful, thanks for adding these! It does not have any operational considerations section. It could be useful to add (to highlight them). There is some text of operational significance in section 4.  

## Major

- There are instances of "attributes MUST NOT be X" but it is not mentioned how the implementation deals with them when received. Perhaps, a reference to an existing RFC that has the error handling specified? 
    - Service Priority MUST NOT be 0.
    - Num Addresses MUST NOT be 0.
    - The service parameters MUST NOT include "ipv4hint" or "ipv6hint"
    - ...

## Minor

- I think that the "ADN Length" can be 0. Maybe state that explicitly. 
- Suggest use of normative MUST below - 
OLD:
If the request includes multiple bitwise identical attributes, only the first occurrence is processed, and the rest SHOULD be ignored by the responder. 
NEW:
If the request includes multiple bitwise identical attributes, only the first occurrence MUST be processed, and the rest SHOULD be ignored by the responder.
END
- Maybe you can explicitly state that there is no padding for ADN? 
- Suggest adding references for the port numbers in section 3.1.
- Should this text in Section 3.2 "Note that SHA2-256 is mandatory to implement." use Normative MUST? Note that you do use it in Section 5. 

Thanks! 
Dhruv