
IKEv2 algorithms and UI suites comments



Algorithms: draft-ietf-ipsec-ikev2-algorithms-02.txt

Section 4.1.2:
	They are references by group number.

Change "references" to "identified" or "referenced".

Also I'd like to see a sentence added to say that
all other groups not listed in the table are MAY.

Section 4.1.3

At the risk of reopening an old topic, given the
absence of a specification for use of RC4 with ESP
and the known risks of stream cipher-based design
by non-experts, would SHOULD NOT be more appropriate
than MAY for ENCR_RC4?

UI Suites: draft-ietf-ipsec-ui-suites-01.txt                      

Section 2.2, "VPN-B" suite specifies:

Pseudo-random function   AES-XCBC-MAC-96 [AES-XCBC-MAC]

Shouldn't that be AES-XCBC-MAC without the -96 (only
for the prf)?

The -96 version discards 32 bits at the final 
step because only 96 bits are sent on the wire, but
that's not desirable behavior for a prf, and the full
specification of the 128 bit version (including
128 bit test vectors) is in the [AES-XCBC-MAC] draft.

Thanks,
--David

----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------
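
Added example (not part of the original message or of either draft): the -96 truncation discussed above, shown by computing AES-XCBC-MAC with its full 128-bit output next to the 96-bit variant. It follows the algorithm as published in RFC 3566; the function names are illustrative, and the small pure-Python AES-128 is included only so the block is self-contained.

```python
def xtime(a):  # multiply by x in GF(2^8) modulo the AES polynomial
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def gmul(a, b):  # GF(2^8) product, needed only to find inverses for the S-box
    r = 0
    while b:
        r, a, b = r ^ a * (b & 1), xtime(a), b >> 1
    return r

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

SBOX = [0x63]
for a in range(1, 256):  # S-box entry = affine transform of the field inverse
    w = next(b for b in range(1, 256) if gmul(a, b) == 1) * 0x101
    SBOX.append((w ^ w >> 4 ^ w >> 5 ^ w >> 6 ^ w >> 7 ^ 0x63) & 0xFF)

def expand_key(key):  # AES-128 key schedule: 11 round keys of 16 bytes
    w, rc = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rc = t[0] ^ rc, xtime(rc)
        w.append([x ^ y for x, y in zip(w[i - 4], t)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]

def aes_encrypt(key, block):  # one 16-byte block, AES-128
    rk = expand_key(key)
    s = xor(block, rk[0])
    for r in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes + ShiftRows
        if r < 10:  # MixColumns, skipped in the final round
            s = [s[c + i] ^ s[c] ^ s[c + 1] ^ s[c + 2] ^ s[c + 3] ^ xtime(s[c + i] ^ s[c + (i + 1) % 4])
                 for c in (0, 4, 8, 12) for i in range(4)]
        s = xor(s, rk[r])
    return s

def aes_xcbc_mac(key, msg):  # full 128-bit output, the form suited to a prf
    k1, k2, k3 = (aes_encrypt(key, bytes([n]) * 16) for n in (1, 2, 3))
    *head, last = [msg[i:i + 16] for i in range(0, len(msg), 16)] or [b""]
    e = bytes(16)
    for m in head:
        e = aes_encrypt(k1, xor(m, e))
    # A complete final block is masked with K2; a short one is padded 10* and masked with K3.
    last = xor(last, k2) if len(last) == 16 else xor((last + b"\x80").ljust(16, b"\0"), k3)
    return aes_encrypt(k1, xor(last, e))

def aes_xcbc_mac_96(key, msg):  # integrity variant: only the first 96 bits go on the wire
    return aes_xcbc_mac(key, msg)[:12]
```

The two functions differ only in the final slice, so a suite that names the -96 form as its prf gives up 32 bits of output that the underlying computation already produces.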