> Security considerations explained in section 7 of [RFC3686] are
> entirely relevant for this draft also. The security considerations
> on fresh keys and integrity protection in section 7 of [RFC3686] are
> totally applicable on using AES-CTR in IKEv2; see [RFC3686] for
> details. Due to this reasons, static keys are never used for the IKE
> SA and the IKE_SA always uses integrity protection.
>
> The last paragraph is a bit misleading, as there is no way static keys
> can be used in IKE SA at all, and this is not because of the issues of
> AES-CTR. Also, integrity protection is already mandatory for IKEv2 IKE
> SA regardless of whether AES-CTR is used or not. It would be better to
> replace the last sentence with:
>
> As static keys are never used in IKEv2 for IKE_SA and integrity
> protection is mandatory for IKE_SA, these issues are not applicable
> for AES-CTR in IKEv2 when protecting IKE_SA.

Agree, I will reword this part.

Sean
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec