Paul Wouters writes:
> See
> https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5
>
> I noticed that the IKEv2 column for AES_GCM variants mentions RFC
> 8247. This should be RFC 8221. And for AES_CCM, the ESP and IKEv2
> columns are missing the RFC 8247/8221 entries entirely.
No. IKEv2 column should still be for IKEv2 use of the AES_GCM, thus
RFC8247 is more appropriate than RFC8221.
But the reason RFC8247 is listed for ESP and IKEv2 reference columns
for the AES-GCM and CAMELLIA is because the RFC8247 changed the name
of those algorithms:
+---------------------------------------+----------------------+
| Old name | New name |
+---------------------------------------+----------------------+
| AES-GCM with a 8 octet ICV | ENCR_AES_GCM_8 |
| AES-GCM with a 12 octet ICV | ENCR_AES_GCM_12 |
| AES-GCM with a 16 octet ICV | ENCR_AES_GCM_16 |
| ENCR_CAMELLIA_CCM with an 8-octet ICV | ENCR_CAMELLIA_CCM_8 |
| ENCR_CAMELLIA_CCM with a 12-octet ICV | ENCR_CAMELLIA_CCM_12 |
| ENCR_CAMELLIA_CCM with a 16-octet ICV | ENCR_CAMELLIA_CCM_16 |
+---------------------------------------+----------------------+
As the AES_CCM was not renamed there is no reference to the RFC8247 in
its references.
Note, that the Note in the beginning of the registry do provide
pointers to the RFC8221 and RFC8247 for requirement levels:
Note
To find out requirement levels for encryption algorithms for
ESP, see [RFC8221]. For IKEv2, see [RFC8247].
and there is no need to add RFC8221 or RFC8247 to any algorithms just
to get that reference...
> If someone would like to confirm these errors, I can see about what the
> process is to fix these :)
There is no errors. And the process to fix them is to contact IANA
(which will contact designated experts), or the designated experts
directly :-)
--
[email protected]
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
