Re: I-D ACTION:draft-ipsec-ipsec-doi-01.txt
> From: "C. Harald Koch" <chk@border.com>
> AH_1828 1
> AH_HMAC_MD5_REPLAY 2
> AH_MHAC_SHA_REPLAY 3
>
> I object to the use of RFC numbers in the name of the transform; it's
> either meaningless or obscure, depending on who you ask. AH_MD5 would be
> better than AH_1828.
>
Personally, I was using AH_MD5_KP, that is, keyed with padding.
For a more explicit set of letters, I would suggest AH_MD5_KPDK, for
Key_Pad_Data_Key.
Could we agree to reverse the others to AH_MD5_HMAC_REPLAY and
AH_SHA1_HMAC_REPLAY, as more descriptive and intuitive, and matching the
term ordering of ESP_DES_CBC_HMAC_REPLAY?
> The "AH_HMAC_MD5" transform is missing from the list. While this transform
> never became an RFC, it is in use by several vendors, and so needs an
> identifier for proper interoperability. (Yes, it's a proper subset of
> AH_HMAC_MD5_REPLAY, but to support historical implementations, I think it
> needs to be kept separate. I'm willing to negotiate on this one :-)
>
I agree. Identifiers should be assigned as needed, to distinguish even
past and future proprietary transforms.
> RESERVED 0
> ESP_1829_TRANSPORT 1
> ESP_1829_TUNNEL 2
> ESP_DES_CBC_HMAC_REPLAY 3
>
> Again, I object to the use of RFC numbers in the name; IMHO, these should be
> "ESP_DES_CBC_TRANSPORT" and "ESP_DES_CBC_TUNNEL". (And I thought the
> "transport" vs. "tunnel" distinction was an RFC 1827 thing; if so,
> shouldn't we be consistent here?)
>
> ESP_3DES_CBC is missing (RFC 1851). Again, there are vendors using this
> already; an ID and number are required for interoperability.
>
Again, I agree. However, I'd suggest ESP_1DES_CBC_TRANSPORT, etc., to
more easily distinguish it from 3DES in the eyes of the operator. These
things have a tendency to show up in the configuration menus. ;-)
WSimpson@UMich.edu
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2