[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IKEv2 algorithms and UI suites comments

Algorithms: draft-ietf-ipsec-ikev2-algorithms-02.txt

Section 4.1.2:
	They are references by group number.

Change "references" to "identified" or "referenced".

Also I'd like to see a sentence added to say that
all other groups not listed in the table are MAY.

Section 4.1.3

At the risk of reopening an old topic, given the
absence of a specification for use of RC4 with ESP
and the known risks of stream cipher-based design
by non-experts, would SHOULD NOT be more appropriate
than MAY for ENCR_RC4?

UI Suites: draft-ietf-ipsec-ui-suites-01.txt                      

Section 2.2, "VPN-B" suite specifies:

Pseudo-random function   AES-XCBC-MAC-96 [AES-XCBC-MAC]

Shouldn't that be AES-XCBC-MAC without the -96 (only
for the prf)?

The -96 version discards 32 bits at the final 
step because only 96 bits are sent on the wire, but
that's not desirable behavior for a prf, and the full
specification of the 128 bit version (including
128 bit test vectors) is in the [AES-XCBC-MAC] draft.


David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754