Paul Hoffman writes:
> Based on Pasi's AD review, the authors significantly shortened the
> document. It seems prudent to have the WG review the new, shorter
> version. In particular, it would be good for developers to look at
> the new short document and see if it is complete enough to implement
> from. 
> 
> This review cycle will end in a week, but please do the review early
> in case problems are found. 

The draft looks good, but I would clarify the security considerations
section a bit. Now it says:

   Security considerations explained in section 7 of [RFC3686] are
   entirely relevant for this draft also.  The security considerations
   on fresh keys and integrity protection in section 7 of [RFC3686] are
   totally applicable on using AES-CTR in IKEv2; see [RFC3686] for
   details.  Due to this reasons, static keys are never used for the IKE
   SA and the IKE_SA always uses integrity protection.

The last paragraph is a bit misleading, as there is no way static keys
can be used in IKE SA at all, and this is not because of the issues of
AES-CTR. Also integrity protection is already mandatory for IKEv2 IKE
SA regardless of whether AES-CTR is used or not. It would be better to
replace the last sentence with:

   As static keys are never used in IKEv2 for IKE_SA and integrity
   protection is mandatory for IKE_SA, these issues are not applicable
   for AES-CTR in IKEv2 when protecting IKE_SA.
-- 
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
