
ESP Draft

Hello,

A few questions/comments (mostly editorial) regarding the new draft:

Page 8, Section 2 -
(see Section ?? below)

3.3.2.2?

Page 12, Section 2.2.1 -
See Section ?? for processing details.

3.3.2.2?

Page 14, Section 2.4 -

"           o For the purpose of ensuring that the bits to be encrypted
             are a multiple of the algorithm's blocksize (first bullet
             above), the padding computation applies to the Payload Data
             exclusive of any IV, but including the ESP trailer
             fields. If a combined algorithm mode requires transmission
             of the SPI and Sequence Number to effect integrity, then
             these data items, and any associated, ICV-equivalent data,
             are included in the computation of the pad length. (If the
             ESN option is selected, the high order 32 bits of the ESN
             also would enter into the computation, if the combined mode
             algorithm requires their transmission for integrity.)"

The reference to the SPI and Sequence Number above is for replicated
transmission?  If so, perhaps this could be mentioned.

Page 17, Section 3.1.1 -

"Destination options extension header(s) could appear
   before, after, or both before and after the ESP header depending on
   the semantics desired"

Just a question I've had for a while: is there an advantage to allowing the
destination options to come before the ESP header?

Page 22, Section 3.3.2.1 -

"           2. adds any necessary padding Ï Optional TFC padding and
              (encryption) Padding"

Non-text character.

Page 23, Section 3.3.2.2 -

"           2. adds any necessary paddingÏincludes optional TFC padding
              and Padding."

Non-text character, and should there be an (encryption) before the Padding?

Page 32, Section 5 -

"AES in CBC mode"

128/192/256?

Page 32, Section 5 -

Should 3DES be required for compatibility with existing implementations?

Page 32, Section 5 -

I saw the IP Storage group is looking at requiring AES in a Counter Mode;
any word on when NIST will have something on this?


Best Regards,
Joseph D. Harwood
(408) 838-9434
jharwood@vesta-corp.com
www.vesta-corp.com
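As an added example (not part of the message above or of the draft), the padding computation from the quoted Section 2.4 text carried out in Python: the Padding field is sized so that the octets handed to the cipher (Payload Data excluding any IV, plus Padding, Pad Length and Next Header) come out as a multiple of the block size, with an optional `extra_len` for the SPI/Sequence Number/ESN octets a combined mode requires to be counted. Two details are taken from RFC 4303 rather than from the quoted paragraph: the trailer must end on a 4-octet boundary, and the default Padding content is the sequence 1, 2, 3, ... that a receiver can check. The function names are my own.

```python
"""ESP padding computation, modelled on the quoted Section 2.4 text.

Added worked example; not the draft's or the poster's code.
"""
import struct

PAD_LENGTH_FIELD = 1   # Pad Length is one octet
NEXT_HEADER_FIELD = 1  # Next Header is one octet


def esp_pad_length(payload_len: int, block_size: int, extra_len: int = 0) -> int:
    """Return the number of Padding octets required.

    payload_len: Payload Data length in octets, excluding any IV.
    block_size:  cipher block size in octets (8 for 3DES-CBC, 16 for AES-CBC,
                 1 for a stream or counter mode with no block constraint).
    extra_len:   octets a combined mode requires to be counted as well
                 (SPI + Sequence Number, plus ESN high bits); 0 for plain CBC.

    RFC 4303 also requires the Pad Length / Next Header octets to end on a
    4-octet boundary (assumption taken from the RFC, not from the quoted
    text), so the effective alignment is the smallest multiple of block_size
    that is also a multiple of 4.
    """
    if block_size < 1:
        raise ValueError("block_size must be positive")
    align = block_size
    while align % 4:
        align += block_size
    covered = extra_len + payload_len + PAD_LENGTH_FIELD + NEXT_HEADER_FIELD
    pad = (-covered) % align
    if pad > 255:
        raise ValueError("Pad Length is a single octet; block size too large")
    return pad


def esp_trailer(payload: bytes, block_size: int, next_header: int,
                extra_len: int = 0) -> bytes:
    """Build payload || Padding || Pad Length || Next Header.

    This is the byte string a CBC cipher would encrypt (IV excluded).
    Padding uses the RFC 4303 default pattern 1, 2, 3, ... (assumption).
    """
    n = esp_pad_length(len(payload), block_size, extra_len)
    padding = bytes(range(1, n + 1))
    return payload + padding + struct.pack("!BB", n, next_header)


def strip_trailer(plaintext: bytes) -> tuple:
    """Receiver side: validate the trailer and return (payload, next_header).

    Rejects a Pad Length that overruns the plaintext and, since the default
    padding pattern is deterministic, rejects padding that does not match it.
    """
    if len(plaintext) < PAD_LENGTH_FIELD + NEXT_HEADER_FIELD:
        raise ValueError("plaintext shorter than the ESP trailer")
    pad_len, next_header = struct.unpack("!BB", plaintext[-2:])
    if len(plaintext) < pad_len + 2:
        raise ValueError("Pad Length exceeds plaintext length")
    padding = plaintext[-2 - pad_len:-2]
    if padding != bytes(range(1, pad_len + 1)):
        raise ValueError("Padding does not match the default 1,2,3,... pattern")
    return plaintext[:-2 - pad_len], next_header


def is_aligned(plaintext: bytes, block_size: int, extra_len: int = 0) -> bool:
    """True if the counted octets satisfy both the block and 4-octet rules."""
    total = extra_len + len(plaintext)
    return total % block_size == 0 and total % 4 == 0


if __name__ == "__main__":
    # Constructed sample: a 10-octet payload under AES-CBC carrying TCP (6).
    sample = bytes(range(0x40, 0x4A))
    blob = esp_trailer(sample, 16, 6)
    print(len(blob), is_aligned(blob, 16), strip_trailer(blob))
```

Running the module with a 10-octet payload under AES-CBC yields a 16-octet block with four Padding octets; the same payload under 3DES-CBC needs four as well (10 + 4 + 2 = 16, a multiple of 8), while an 11-octet payload in a block-size-1 mode still picks up three octets to satisfy the 4-octet alignment rule.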