Hi Sheila,

Thanks for pointing this out. I agree that the draft needs to be changed to align with the ESP RFC.

David

On 3/12/13 10:01 AM, "Frankel, Sheila E." <sheila.fran...@nist.gov> wrote:

>Hi David and Wajdi,
>
>Your updated ESP/AH algorithm doc looks great, and is very much needed. I
>just have one comment. You speak of the 2 services provided by ESP and AH
>as confidentiality and "data origin authentication." As I'm sure you
>know, authentication is used in different ways by different communities.
>I believe that in most of the IPsec docs the 1st service is referred to
>interchangeably as encryption and confidentiality; the 2nd service is
>interchangeably referred to as authentication and integrity protection.
>However, in RFC 4303 (ESP) it states: "Data origin authentication and
>connectionless integrity are joint services, hereafter referred to
>jointly as "integrity"." In your doc, the integrity-protection aspect is
>not mentioned at all, and I believe that is a critical oversight.
>
>Sheila Frankel
>_______________________________________________
>IPsec mailing list
>IPsec@ietf.org
>https://www.ietf.org/mailman/listinfo/ipsec