[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
notes from developer's portion of IETF meeting
Paul,
here are the notes that I took at the developers portion of the IPSEC
meetings. Please include these in the official minutes.
Thanks
Dave Carrel
carrel@ipsec.org
-------------------------------------------------------------
anti-replay
decision is that it is not optional! The bits are
always in the header
It MUST be used by sender.
Always starts at 1.
key management will NOT negotiate whether it's used.
integrity
decicion is that it is optional
but if not used in ESP, it must be used in AH.
Words to this effect must be added to arch docs.
optional encryption
not optional in ESP
A tunnel mode must be added to the specs for AH
encrypt/auth order
encrypt first, auth next
but IV MUST NOT be constant and MUST be included in every packet
IV size is transform dependant and must be specified in
the transform docs
signature format
Dan will send to list, with comments from Eric Rescolla
IBM- rsa encryption format
leave current format as is to avoid document creep
Ran and Hugo will write a draft of their exchange
slice and dice
remove current key derivation text from Hughes draft
It is based on who is initiator and responder
(*** action item for Paul Lambert ***)
All transforms MUST specify a number of keying bits
required and how to generate keys, IVs, etc from that
(# keying bits requested equals the # bits of entropy)
transform must specify what to do in case of weak key
if alg has a small number of weak keys then the
recommendation is to request a new SA
Name space to IANA
need algorithm ids
forward issue to list
Audit
Decision is that this will be documented as "SHOULD implement"
MIB
take issue to list
----------------------
The following issues were discussed and agreed upon in the Wednesday
mtg.
ISAKMP
ISAKMP should be bound to port 500 (i.e. send and receive on
port 500)
No need to negotiate replay window size.
replay window size is 32.
Increase it to a higher value later on if necesary.
Situation and DOI must be included in calculating hash for the
quick mode
for public-key encryption, SKEYID = prf(Ni | Nr, g^xy)
(it was hash(Ni | Nr).
HASH(2) in Quick Mode includes the initiator's nonce. For
ease of processing stick it after the message-id, i.e.
HASH(2) = prf(SKEYID_a, M-ID | Ni | SA | Nr [ | KE ] [ | IDui | IDur
] )
^^^^
Follow-Ups: