new version of ESP ID
Folks,
We have just submitted the following 2 drafts:
1. a revised version of the Internet Draft for the IP Encapsulating
Security Payload (ESP). It has only a couple of changes from the
previous version:
A. Section 2.2.1 "Extended Sequence Number", paragraph 1
Changed "SHOULD" to "MUST" as follows:
Old text:
"Use of an Extended Sequence Number (ESN) SHOULD be negotiated
by an SA management protocol, although it could also be part
of the configuration data for a manually configured SA."
New text:
"Use of an Extended Sequence Number (ESN) MUST be negotiated
by an SA management protocol."
B. Section 5 "Conformance Requirements". Added a default
key size of 128 bits for "AES in CBC mode".
Old text:
"A compliant ESP implementation MUST support the following
mandatory-to-implement algorithms:
- AES in CBC mode"
New text:
"A compliant ESP implementation MUST support the following
mandatory-to-implement algorithms:
- AES (with 128-bit keys) in CBC mode"
2. a revised version of the Internet Draft for the IP Authentication
Header (AH). It has only one change from the previous version:
A. Section 2.5.1 "Extended Sequence Number", paragraph 1
Changed "SHOULD" to "MUST" as follows:
Old text:
"Use of an Extended Sequence Number (ESN) SHOULD be negotiated
by an SA management protocol, although it could also be part
of the configuration data for a manually configured SA."
New text:
"Use of an Extended Sequence Number (ESN) MUST be negotiated
by an SA management protocol."
A question was posed to the working group (6/17) as to whether to
change the SA demuxing values to allow use of the Source IP address
for source-specific multicast protocols. There has been no feedback
so far, so no changes were made.
Thank you,
Karen