Frankel, Sheila E. writes:
>
> #111: Can IKEv1 negotiate combined algorithms to be used by IPsec-v3?
>
> Proposed changes to Roadmap doc:
>
> 1) Add text to section 5.4 (Combined Mode Algorithms)
...
> Additional text:
> Some IKEv1 implementations have added the capability to negotiate
> combined mode algorithms for use in IPsec SAs; these implementations
> do not include the capability to use combined mode algorithms to protect
> IKE SAs. Since combined mode algorithms are not a feature of IPsec-v2,
> these IKEv1 implementations are used in conjunction with IPsec-v3. IANA
> numbers for combined mode algorithms have been added to the IKEv1 registry.
That text seems ok.
> 2) Change IKEv2 and IPsec-v2 requirement levels
>
> Requirements levels for AES-GMAC:
> old IKEv2 - optional
> new IKEv2 - optional (integrity-protection algorithm)
> N/A (combined mode algorithm with NULL encryption)
IKEv2 SA cannot be used with NULL encryption, so using AES-GMAC
requires some other encryption algorithm when used in IKEv2. AES-GMAC
requires IV and some other encryption algorithm used with it also
requires IV, which means we require two IVs or they require sharing
the IV, which might not be possible as there IV generation rules (and
lengths) might be different.
I do not think it is possible to use AES-GMAC at all to protect IKEv2
traffic, and also it does not make any sense to use AES-GMAC as it
says that it is to be used when no confidentiality is desired, and as
in IKEv2 that is required then AES-GCM should be used instead.
>From RFC5282:
----------------------------------------------------------------------
3. The Use of AES-GMAC in ESP
...
If confidentiality is desired, then
GCM ESP [RFC4106] SHOULD be used instead.
----------------------------------------------------------------------
So I think the correct change is
IKEv2 - N/A (IKEv2 requires encryption).
--
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
