
RE: new version of ESP ID



> A question was posed to the working group (6/17) as to whether to
> change the SA demuxing values to allow use of the Source IP address
> for source-specific multicast protocols. There has been no feedback
> so far so no changes were made.

I spoke with the original poster (who also works at Alcatel). It doesn't
appear that the use of the source IP as a selector would affect normal IPsec
operation, since you only need to apply the rule when you are doing SSM, and
when you are doing SSM you will know which addresses are unicast and which
are SSM. Therefore, this sounds like a question for the MSec WG.

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.



> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Karen Seo
> Sent: Friday, June 28, 2002 6:55 PM
> To: ipsec@lists.tislabs.com
> Cc: skent@gto-mailer1.bbn.com; clynn@gto-mailer1.bbn.com;
> kseo@gto-mailer1.bbn.com
> Subject: new version of ESP ID
>
>
> Folks,
>
> We have just submitted the following 2 drafts:
>
>   1. a revised version of the Internet Draft for the IP Encapsulating
>      Security Payload (ESP).  It has only a couple of changes from the
>      previous version:
>
>      A. Section 2.2.1 "Extended Sequence Number", paragraph 1
>         Changed "SHOULD" to "MUST" as follows:
>
>         Old text:
> 	"Use of an Extended Sequence Number (ESN) SHOULD be negotiated
> 	by an SA management protocol, although it could also be part
> 	of the configuration data for a manually configured SA."
>
>         New text:
> 	"Use of an Extended Sequence Number (ESN) MUST be negotiated
> 	by an SA management protocol."
>
>      B. Section 5 "Conformance Requirements".  Added a default
>         key size of 128 bits for "AES in CBC mode".
>
>         Old text:
> 	"A compliant ESP implementation MUST support the following
> 	mandatory-to-implement algorithms:
> 	        - AES in CBC mode"
>
>         New text:
> 	"A compliant ESP implementation MUST support the following
> 	mandatory-to-implement algorithms:
> 	        - AES (with 128-bit keys) in CBC mode"
>
>   2. a revised version of the Internet Draft for the IP Authentication
>      Header (AH).  It has only one change from the previous version:
>
>      A. Section 2.5.1 "Extended Sequence Number", paragraph 1
>         Changed "SHOULD" to "MUST" as follows:
>
>         Old text:
> 	"Use of an Extended Sequence Number (ESN) SHOULD be negotiated
> 	by an SA management protocol, although it could also be part
> 	of the configuration data for a manually configured SA."
>
>         New text:
> 	"Use of an Extended Sequence Number (ESN) MUST be negotiated
> 	by an SA management protocol."
>
>
> A question was posed to the working group (6/17) as to whether to
> change the SA demuxing values to allow use of the Source IP address
> for source-specific multicast protocols. There has been no feedback
> so far so no changes were made.
>
> Thank you,
> Karen
>
>
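
The point made in the reply above, sketched as an added example (not part of the original messages and not text from the ESP draft): a toy SA lookup that adds the source address to the demux key only when the destination is in an SSM range, so unicast lookups behave as before. The names `is_ssm`, `SAD` and `demo`, and all SPIs and addresses, are constructed for illustration; the SSM ranges used are 232.0.0.0/8 and ff3x::/32 (RFC 4607).

```python
import ipaddress

# SSM destination ranges: IPv4 232.0.0.0/8, IPv6 ff3x::/32 (x = scope nibble).
SSM_V4 = ipaddress.ip_network("232.0.0.0/8")

def is_ssm(dst):
    addr = ipaddress.ip_address(dst)
    if addr.version == 4:
        return addr in SSM_V4
    p = addr.packed
    return p[0] == 0xFF and (p[1] >> 4) == 0x3 and p[2] == 0 and p[3] == 0

def _key(spi, dst, src):
    src = ipaddress.ip_address(src) if src is not None else None
    return (spi, ipaddress.ip_address(dst), src)

class SAD:
    """Hypothetical SA database keyed on (SPI, dst) or (SPI, dst, src)."""
    def __init__(self):
        self._sas = {}

    def add(self, name, spi, dst, src=None):
        # A source selector is stored for SSM SAs and for nothing else.
        if is_ssm(dst) != (src is not None):
            raise ValueError("source selector applies to SSM SAs only")
        self._sas[_key(spi, dst, src)] = name

    def lookup(self, spi, dst, src):
        # The packet's source joins the key only when the destination is SSM.
        key_src = src if is_ssm(dst) else None
        return self._sas.get(_key(spi, dst, key_src))

def demo():
    sad = SAD()  # constructed sample SAs
    sad.add("unicast-sa", 0x1000, "192.0.2.10")
    # Two senders to the same SSM group that use the same SPI value.
    sad.add("ssm-sender-A", 0x2000, "232.1.1.1", src="198.51.100.1")
    sad.add("ssm-sender-B", 0x2000, "232.1.1.1", src="198.51.100.2")
    return [
        sad.lookup(0x1000, "192.0.2.10", "203.0.113.5"),   # source ignored
        sad.lookup(0x1000, "192.0.2.10", "203.0.113.99"),  # source ignored
        sad.lookup(0x2000, "232.1.1.1", "198.51.100.1"),
        sad.lookup(0x2000, "232.1.1.1", "198.51.100.2"),
        sad.lookup(0x2000, "232.1.1.1", "203.0.113.5"),    # unknown sender
    ]
```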