Hi,

My comments are mostly addressed, thanks.
The one still unaddressed is a strange comment "?SHOULD" in the last table
(Section 4.2). What does it mean?

Regards,
Valery.

-----Original Message-----
From: Tero Kivinen
Sent: Wednesday, April 6, 2016 3:06 PM
To: internet-dra...@ietf.org
Cc: ipsec@ietf.org ; i-d-annou...@ietf.org
Subject: [IPsec] I-D Action: draft-ietf-ipsecme-rfc4307bis-06.txt

internet-dra...@ietf.org writes:
A New Internet-Draft is available from the on-line Internet-Drafts
directories. This draft is a work item of the IP Security
Maintenance and Extensions of the IETF.

This version includes the pre-shared keys (or "Shared Key Message
Integrity Code") in the authentication method table, as it is specified
in the RFC7296 as mandatory to implement, so we want to say it MUST
here too. While I was doing that change, I noticed that we actually
update the RFC7296, as the 7296 section 4 has text saying that RSA
with key lengths of 1024 or 2048 are mandatory. In our section 4.1.1
we actually say that RSA key lengths with less than 2048 bits are
SHOULD NOT, so our recommendations are different than what is in the
RFC7296. After a quick verification from our WG chair, I marked this document
as updating the RFC7296 (and added the missing fact that it obsoletes
rfc4307). The fact that this updates RFC7296 was also added in the
introduction.

In addition to those changes, this contains some fixes for some typos
etc. (especially in the section 5 algorithms for IoT).

With these changes, I think this document is ready for the WGLC.

Title           : Algorithm Implementation Requirements and Usage Guidance for IKEv2
Authors         : Yoav Nir
                  Tero Kivinen
                  Paul Wouters
                  Daniel Migault
Filename        : draft-ietf-ipsecme-rfc4307bis-06.txt
Pages           : 16
Date            : 2016-04-06

Abstract:
   The IPsec series of protocols makes use of various cryptographic
   algorithms in order to provide security services.  The Internet Key
   Exchange (IKE) protocol is used to negotiate the IPsec Security
   Association (IPsec SA) parameters, such as which algorithms should be
   used.  To ensure interoperability between different implementations,
   it is necessary to specify a set of algorithm implementation
   requirements and usage guidance to ensure that there is at least one
   algorithm that all implementations support.  This document defines
   the current algorithm implementation requirements and usage guidance
   for IKEv2.  This document does not update the algorithms used for
   packet encryption using IPsec Encapsulated Security Payload (ESP).


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-ipsecme-rfc4307bis/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-ipsecme-rfc4307bis-06

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-rfc4307bis-06


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

--
kivi...@iki.fi
