[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Comments on draft-ietf-ipsec-new-auth-00.txt

To: ipsec@tis.com
Subject: Comments on draft-ietf-ipsec-new-auth-00.txt
From: Rob Glenn <glenn@snad.ncsl.nist.gov>
Date: Tue, 8 Apr 1997 23:36:10 -0400 (Eastern Daylight Time)
cc: rob.glenn@nist.gov
Reply-To: Rob Glenn <glenn@snad.ncsl.nist.gov>
Sender: owner-ipsec@ex.tis.com


General comments:

I'm a little concerned that by specifying the HMAC
MD5 and HMAC SHA-1 algorithms in this draft, we
are now one step away from the goal of algorithm
independence.
   - I think it is now more difficult to specify
     other algorithms for use with AH since the
     mechanism to do so has been removed (i.e.
     transform documents) and new algorithm
     documents will have to point to the AH spec
     instead of the other way around.
   - As a result, other algorithms may be           presented in a form
similar to "transform"      documents which defeats the main goal of re-      
   writing the RFCs.
   - A possible solution would be to remove the
     references to specific algs. from the draft 
     and point to another draft that contains 
     just a list of algorithms, alg-ids, and the                              
          implementation conformance requirements(MUST,                  
SHOULD, or MAY). 

   - This comment applies to the new-esp draft 
     as well.

More Specific comments:

1. Anti-replay and multicast are problematic
   together.  See the last paragraph of section    2.1 in
draft-ietf-ipsec-ah-hmac-sha-1-96-00.txt

2. I think it is too strong to say that "...
   a compliant implementation must not negotiate
   this service (Anti-Replay) in conjuction with
   SAs that are manually keyed."  The implication
   is that only with a full-blown dynamic key             management engine
will you ever use Anti-   Replay. 

3. The straw poll taken a few weeks back concluded
   that we didn't want a variable sized field
   in the middle of the AH header.  By making
   the Seq. Number field optional this way, once
   again we have a variable sized field in the
   header.  One way to fix this would be to move
   the Authentication Data pad to the beginning
   of the Authentication Data instead of the end.
   That way when HMAC-{MD5,SHA-1}-96 is used 
   without Anti-replay and 64-bit alignment is
   desired, the 32-bits of pad will be located
   in the same position where the SN would have 
   been.

   Of course, another solution would be to just
   fix the SN field.

4. If it is decided to still include algs. in the
   drafts, then the AH draft should:

   - specify the default 96-bit truncation in 
     the conformance section, and
   - mention that HMAC-MD5 is MUST and
     HMAC-SHA-1 is SHOULD (as previously
     recommended).

Follow-Ups:

Re: Comments on draft-ietf-ipsec-new-auth-00.txt

From: Stephen Kent <kent@bbn.com>

Prev by Date: Re : keys visability (was : Re: auditing)
Next by Date: Re: Re : keys visability (was : Re: auditing)
Prev by thread: Memphis IPSEC
Next by thread: Re: Comments on draft-ietf-ipsec-new-auth-00.txt
Index(es):
- Main
- Thread