Re: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts

Mon, 03 Mar 2014 04:03:08 -0800 

Hi,

I have mostly no problem with the document.

However I have one small concern.

The draft lists the following trasforms based on AES cipher:

AES-GCM
AES-CCM
AES-CTR
AES-128-CBC
AES-GMAC
AES-XCBC-MAC-96

All these transforms, except for AES-XCBC-MAC-96,
allows to be used with different key lengths - 128, 192 and 256 bits.
It looks strange to me that, unlike the others, AES-128-CBC
has key length explicitely specified in the draft. Why it differs in
this respect from the others? What about AES-192-CBC and
AES-256-CBC - are they also "MUST" or "MAY"? Or even "MUST NOT"? :-)

I think the draft should either:
- remove explicit key length from AES-128-CBC and make it just AES-CBC
- add explicit key length to all other AES-based transforms (except for AES-XCBC-MAC-96) - leave things as is, but explain why AES-CBC differs in this respect from the others 

Regards,
Valery Smyslov.
----- Original Message ----- From: "Yaron Sheffer" <yaronf.i...@gmail.com> 
To: "ipsec" <ipsec@ietf.org>
Sent: Tuesday, February 25, 2014 10:48 PM
Subject: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts
Hi, this is to start a 2-week working group last call on the revised Algorithm Implementation Requirements document, ending March 11. The draft is at: http://tools.ietf.org/html/draft-ietf-ipsecme-esp-ah-reqts-01. We should have last called the draft a while ago, and I apologize for the delay.
The changes from the existing requirements are listed in Sec. 2.5 of the draft, but most of this (rather short) document is new and describes the rationale for the choice of algorithms and requirement levels.
Please read this draft and send any comments to the WG mailing list, even if the comments are "I see no problems". Comments such as "I do not understand this part" or "this part could be explained better in this way" are particularly useful at this point. 

Thanks,
    Yaron

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec 

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to