
Re: AH/ESP drafts



Karen Seo writes re: draft-...-esp-v2-04.txt:
> Section 5. Conformance Requirements
> 
>         Changed list of algorithms 
[...]
>         to:
>                 - DES in CBC mode [MD97]
>                 - HMAC with MD5 [MG97a]
>                 - HMAC with SHA-1 [MG97b]
>                 - NULL Authentication algorithm
>                 - NULL Encryption algorithm
> 
>         Added the text:
> 
>                 Since ESP encryption and authentication are optional,
>                 support for the 2 "NULL" algorithms is required to
>                 maintain consistency with the way these services are
>                 negotiated.  NOTE that while authentication and
>                 encryption can each be "NULL", they MUST NOT both be
>                 "NULL".

If we treat NULL-Auth and NULL-Encrypt as separate algorithms, do we
need draft-ietf-ipsec-ciph-null to define a NULL-Auth? 
Currently it explicitly gives a definition of an _encryption_ algorithm,
not an authentication algorithm. (Reading ESP Sec. 2.7 literally, we
would need to add specification of the ICV field length and "the 
comparison and processing steps for validation" to create a 
conformant auth algorithm spec :-)

-Lewis  <pseudonym@acm.org>

