[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

notes from developer's portion of IETF meeting



Paul,

here are the notes that I took at the developers portion of the IPSEC
meetings.  Please include these in the official minutes.

Thanks

Dave Carrel
carrel@ipsec.org

-------------------------------------------------------------
anti-replay
	decision is that it is not optional!  The bits are		      
		always in the header
	It MUST be used by sender.
	Always starts at 1.
	key management will NOT negotiate whether it's used. 

integrity
	decicion is that it is optional 
	but if not used in ESP, it must be used in AH.
		Words to this effect must be added to arch docs.

optional encryption
	not optional in ESP
	A tunnel mode must be added to the specs for AH

encrypt/auth order
	encrypt first, auth next
	but IV MUST NOT be constant and MUST be included in every packet
	IV size is transform dependant and must be specified in 
		the transform docs

signature format
	Dan will send to list, with comments from Eric Rescolla

IBM- rsa encryption format
	leave current format as is to avoid document creep
	Ran and Hugo will write a draft of their exchange

slice and dice
	remove current key derivation text from Hughes draft
		It is based on who is initiator and responder
		(*** action item for Paul Lambert ***)
	All transforms MUST specify a number of keying bits
		required and how to generate keys, IVs, etc from that
		(# keying bits requested equals the # bits of entropy)
	transform must specify what to do in case of weak key
		if alg has a small number of weak keys then the
		recommendation is to request a new SA

Name space to IANA
	need algorithm ids
	forward issue to list

Audit
	Decision is that this will be documented as "SHOULD implement"

MIB
	take issue to list

----------------------
The following issues were discussed and agreed upon in the Wednesday
mtg.

ISAKMP
	ISAKMP should be bound to port 500 (i.e. send and receive on
		port 500)
	No need to negotiate replay window size. 
		replay window size is 32.
		Increase it to a higher value later on if necesary. 
	Situation and DOI must be included in calculating hash for the
		quick mode
	for public-key encryption, SKEYID = prf(Ni | Nr, g^xy)
		(it was hash(Ni | Nr).

	HASH(2) in Quick Mode includes the initiator's nonce. For
		ease of processing stick it after the message-id, i.e.
    HASH(2) = prf(SKEYID_a, M-ID | Ni | SA | Nr [ | KE ] [ | IDui | IDur
] )
                                  ^^^^




Follow-Ups: