[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: feedback on algorithms-00

To: "'Paul Hoffman / VPNC'" <paul.hoffman@vpnc.org>, ipsec@lists.tislabs.com
Subject: RE: feedback on algorithms-00
From: Gregory Lebovitz <Gregory@netscreen.com>
Date: Thu, 15 May 2003 09:59:16 -0700
Sender: owner-ipsec@lists.tislabs.com

including the list...

> -----Original Message-----
> From: Paul Hoffman / VPNC [mailto:paul.hoffman@vpnc.org]
> Sent: Thursday, May 15, 2003 7:49 AM
> To: Gregory Lebovitz
> Subject: Re: feedback on ipsec-algorithms-00
> 
> 
> >- Makes perfect sense to have this separate from the actual 
> proto docs.
> >Thanks for getting it done.
> 
> Your welcome. See below.
> 
> >- Sect 2, first sentence, typo "used in IKEv2 for may security..."
> 
> Thanks, go it.
> 
> >- format help: would be nice in 2.1-2.4 to add a 4th column 
> to each chart
> >that holds MUST, SHOULD, etc. That way the reader can see 
> what's what very
> >quickly.
> 
> I didn't do that because of the difference between "MUST today" and 
> "MUST tomorrow". That is, I wanted to keep the wording below the 
> tables being definitive.

no argument about keeping the wording; I wouldn't have suggested removing
it. Adding the column will make ingestion easier on the reader.
Additionally, you could put a "*" by the SHOULD that calls to text below
highlighting the "MUST Later" stuff.
 
> >- 2.4 - the DH values for 1-5 are currently defined in 
> [IKEv2]. Since this
> >is the crypto doc, shouldn't we pull those definitions out 
> of the [IKEv2]
> >and into this doc, along with the definitions of values for 
> the others?
> 
> Yes, but no one had a strong opinion on this.

I'd say just do it and see if anyone screams. Probably no one will care, and
most will think its a good idea.

> 
> >   - second sentence says values 6-200. But really it is 
> 6-13, 19-200, right?
> >Because 14-18 are defined in [MODP]?
> 
> Correct; good catch.
> 
> 
> >- 3.0 1st para, last sentence, TYPO:  "Instead *they* give..."
> 
> Fixed.
> 
> >-3.x - I really like the idea of doing suites via 
> "profiling" that dictates
> >the suites we will all use in practice, while the actual 
> protocol should
> >call for "a la carte" method of SA proposal. It makes for 
> (a) a much more
> >powerful and flexible protocol, while (b) providing the ease 
> of use and
> >crypto sanity checking that are needed on both ends of the
> >security/convenience spectrum.  We can even name them the 
> same thing in our
> >UI's, which will make interop all that much easier.
> 
> Exactly.

Follow-Ups:
- More on algorithms for IKEv2
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: Re: Confirm decision on identity handling.
Next by Date: RE: Confirm decision on identity handling.
Prev by thread: RFC 3526 on More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
Next by thread: More on algorithms for IKEv2
Index(es):
- Date
- Thread