RE: More on algorithms for IKEv2



Hi Paul.

Sorry I didn't ask about this earlier.  With some vendors already offering
AES with larger keys (192- and 256-bit), why aren't there numbers assigned
for these transforms (section 2.1)?

Also, in the same section, you have the following:
For IKEv2, ENCR_3DES (3) MUST be implemented and ENCR_AES_128_CBC (12)
SHOULD be implemented.

However, the number for ENCR_AES_128_CBC is 10, not 12.

Similarly, in section 2.3, the number of AUTH_AES_XCBC_96 is 4, not 5.

Yoav Nir

-----Original Message-----
From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Paul Hoffman / VPNC
Sent: Saturday, May 17, 2003 6:18 PM
To: ipsec@lists.tislabs.com
Subject: More on algorithms for IKEv2


Based on Gregory's comments and talking to Charlie, I revised my
IKEv2 algorithms document. It's now at
<ftp://ftp.ietf.org/internet-drafts/draft-hoffman-ipsec-algorithms-02.txt>.
The major change was to move the MODP groups from the main IKEv2
document into the algorithms document, but I also corrected the typos
that Gregory pointed out and updated the reference to RFC 3526 and
made the IANA considerations clearer.

One thing that Gregory asked for that I didn't do (yet) is:

>>  >- format help: would be nice in 2.1-2.4 to add a 4th column to each chart
>>  >that holds MUST, SHOULD, etc. That way the reader can see what's what very
>>  >quickly.
>>
>>  I didn't do that because of the difference between "MUST today" and
>>  "MUST tomorrow". That is, I wanted to keep the wording below the
>>  tables being definitive.
>
>no argument about keeping the wording; I wouldn't have suggested removing
>it. Adding the column will make ingestion easier on the reader.
>Additionally, you could put a "*" by the SHOULD that calls to text below
>highlighting the "MUST Later" stuff.

I'm willing to do that if people want it, but I don't consider it all
that hard for someone reading the document to look at the paragraph
after the table to figure out the MUST and SHOULD requirements.

--Paul Hoffman, Director
--VPN Consortium