[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IKEv2 algorithms and UI suites comments
Algorithms: draft-ietf-ipsec-ikev2-algorithms-02.txt
Section 4.1.2:
They are references by group number.
Change "references" to "identified" or "referenced".
Also I'd like to see a sentence added to say that
all other groups not listed in the table are MAY.
Section 4.1.3
At the risk of reopening an old topic, given the
absence of a specification for use of RC4 with ESP
and the known risks of stream cipher-based design
by non-experts, would SHOULD NOT be more appropriate
than MAY for ENCR_RC4?
UI Suites: draft-ietf-ipsec-ui-suites-01.txt
Section 2.2, "VPN-B" suite specifies:
Pseudo-random function AES-XCBC-MAC-96 [AES-XCBC-MAC]
Shouldn't that be AES-XCBC-MAC without the -96 (only
for the prf)?
The -96 version discards 32 bits at the final
step because only 96 bits are sent on the wire, but
that's not desirable behavior for a prf, and the full
specification of the 128 bit version (including
128 bit test vectors) is in the [AES-XCBC-MAC] draft.
Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953 FAX: +1 (508) 293-7786
black_david@emc.com Mobile: +1 (978) 394-7754
----------------------------------------------------