We have tried to limit the suites supported in 5202 and have our own
suite list, different from:
http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xml
In part this is good as many of those suites are old and should be just
lost. But some are marginially important and it is hard to figure out
which they are. To get to specifics we have AES-CCM and AES-GCM 8 & 16,
we skip 12 for each. But what about ENCR_NULL_AUTH_AES_GMAC? We don't
have a 'good' auth only beyond NULL-ENCRYPT with HMAC-SHA2 (there is no
AES-CMAC cipher, as that would really not work). So marginally we need
to add the GMAC cipher.
Then I am in discussions with a few people to come out with a set of
'compressed' CCM and GCM ciphers that replace the cipher's IV with using
ESP's ESN, saving 8 bytes on the 'wire' and in wireless situations this
is really worth doing. And I really will need the AES-CCM-8 version of
this for one application and AES-GCM-8 for another. One can argue that
if the wireless developers are busy screaming about both the ESN and IV,
they will opt for the 8-octet ICV.
So what do we do? Do we exactly follow the ESP cipher suite list and be
done with it? If it is available for ESP use it if you desire? Or do
we maintain our own reduced list and after publishing add more through
our expert(s) like IKEv2 does (that is Tero).
As I look over the last paragraph I realize it is not so simple, as the
ESP_TRANSFORM is both the encryption and authentication, whereas other
users of ESP negotiate these separately. So we do need to go with
option 2, our own list as we have, and add GMAC to the current list and
be ready to add the compressed versions of CCM and GCM.
_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec
