
new version of ESP ID



Folks,

We have just submitted the following 2 drafts:

  1. a revised version of the Internet Draft for the IP Encapsulating
     Security Payload (ESP).  It has only a couple of changes from the
     previous version:

     A. Section 2.2.1 "Extended Sequence Number", paragraph 1
        Changed "SHOULD" to "MUST" as follows:

        Old text:
	"Use of an Extended Sequence Number (ESN) SHOULD be negotiated
	by an SA management protocol, although it could also be part
	of the configuration data for a manually configured SA."

        New text:
	"Use of an Extended Sequence Number (ESN) MUST be negotiated
	by an SA management protocol."

     B. Section 5 "Conformance Requirements".  Added a default
        key size of 128 bits for "AES in CBC mode".

        Old text:
	"A compliant ESP implementation MUST support the following
	mandatory-to-implement algorithms:
	        - AES in CBC mode"

        New text:
	"A compliant ESP implementation MUST support the following
	mandatory-to-implement algorithms:
	        - AES (with 128-bit keys) in CBC mode"

  2. a revised version of the Internet Draft for the IP Authentication
     Header (AH).  It has only one change from the previous version:

     A. Section 2.5.1 "Extended Sequence Number", paragraph 1
        Changed "SHOULD" to "MUST" as follows:

        Old text:
	"Use of an Extended Sequence Number (ESN) SHOULD be negotiated
	by an SA management protocol, although it could also be part
	of the configuration data for a manually configured SA."

        New text:
	"Use of an Extended Sequence Number (ESN) MUST be negotiated
	by an SA management protocol."


A question was posed to the working group (6/17) as to whether to 
change the SA demuxing values to allow use of the Source IP address 
for source-specific multicast protocols. There has been no feedback 
so far, so no changes were made.

Thank you,
Karen