Re: [IPsec] Erik Kline's No Objection on draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)

Wed, 30 Nov 2022 00:06:37 -0800 

Hi Erik,

thank you for your comments. Please see inline.

> -----Original Message-----
> From: Erik Kline via Datatracker [mailto:nore...@ietf.org]
> Sent: Wednesday, November 30, 2022 6:16 AM
> To: The IESG
> Cc: draft-ietf-ipsecme-ikev2-multiple...@ietf.org; ipsecme-cha...@ietf.org; 
> ipsec@ietf.org;
> kivi...@iki.fi; kivi...@iki.fi
> Subject: Erik Kline's No Objection on 
> draft-ietf-ipsecme-ikev2-multiple-ke-10: (with COMMENT)
> 
> Erik Kline has entered the following ballot position for
> draft-ietf-ipsecme-ikev2-multiple-ke-10: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to 
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-multiple-ke/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> # Internet AD comments for draft-ietf-ipsecme-ikev2-multiple-ke-10
> CC @ekline
> 
> ## Nits
> 
> ### S2
> 
> * s/FIPS complaint/FIPS compliant/

Funny typo :-) Fixed, thank you.

> ### S3.2.1
> 
> * I take it that it's not relevant to the example flow that there is no
>   transform called AKE4.  :-)

This was done on purpose, to illustrate the text in the para above:

   The initiator MAY propose non-consecutive Additional Key Exchange
   transforms, for example proposing Additional Key Exchange 2 and
   Additional Key Exchange 5 transforms only.

> ### S5
> 
> * "can dwarfed"?

This has been  already changed to:

    Simply increasing the key length can mitigate this attack.

by request from Sean.

The updated PR is available at:
https://github.com/post-quantum/ietf-pq-ikev2/pull/22

Regards,
Valery.

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to