
Re: draft-ietf-ipsec-ciph-des-derived-00



> From: Norman Shulman <norm@tor.securecomputing.com>
> Page 4, 4.2, paragraph 2: Suggest adding the following sentence (copied from
> 4.3): "Alternatively, the least significant bit of each key byte is ignored,
> or locally set to parity by the DES implementation."
>
No, the purpose of the parity in manual keying is to detect
configuration errors.  It SHOULD be required.

4.3 is for automated keying.  It MAY be required.

SHOULD and MAY have very specific meanings.


> Page 6, Pad Values, Range: Should be 1 to 255.
>
No, please read in context.  The value is the _configured_ maximum
amount of padding to generate and check.  Zero (0) means no checking.
For DES, when checking is enabled, the required value is 7, generating
and checking 0-7 bytes of padding.  More than 7 are allowed.  Therefore,
the configuration range is 7 to 255.

This section was designed to complement the text that the WG asked to be
added to the ESP draft.  I will check the ESP draft to ensure that it
includes the necessary explanation.

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
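
An added illustration, not part of the original message or the draft: the manual-keying case described above rejects a configured DES key when any byte fails odd parity, while the automated-keying case sets the least significant bit of each byte locally. The function names and sample keys are constructed for this example.

```python
def parity_errors(key: bytes) -> list[int]:
    """Return the indexes of key bytes that do not have odd parity."""
    if len(key) != 8:
        raise ValueError("DES key must be 8 bytes")
    return [i for i, b in enumerate(key) if bin(b).count("1") % 2 == 0]


def set_odd_parity(key: bytes) -> bytes:
    """Automated keying: overwrite the low bit of each byte with odd parity."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        # The low bit becomes 1 when the upper seven bits hold an even
        # number of ones, so the whole byte ends up with an odd count.
        out.append(high7 | (bin(high7).count("1") % 2 == 0))
    return bytes(out)


def load_manual_key(hex_key: str) -> bytes:
    """Manual keying: a parity failure is reported as a configuration error."""
    key = bytes.fromhex(hex_key)
    bad = parity_errors(key)
    if bad:
        raise ValueError(f"parity error in key byte(s) {bad}; check configuration")
    return key


if __name__ == "__main__":
    # Constructed sample keys: the second has one mistyped hex digit (5 -> 7).
    for configured in ("0123456789ABCDEF", "0123457789ABCDEF"):
        try:
            load_manual_key(configured)
            print(configured, "accepted")
        except ValueError as err:
            print(configured, "rejected:", err)
    # Automated keying: derived key material has parity set locally.
    print(set_odd_parity(bytes.fromhex("0022446688AACCEE")).hex().upper())
```

A single-bit error in any byte is always caught; an error that flips an even number of bits within one byte is not, which is the limit of a per-byte parity check.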

