Re: [IPsec] #121: Rekeying IKE SAs: KEr errors and PRF question

Paul Hoffman wrote: We earlier agreed in issue #50 to make the KEr in Section 1.3.2 (Rekeying IKE SAs with the CREATE_CHILD_SA Exchange) mandatory: -- HDR, SK {SA, Nr, KEr} Note that this is not in the current draft, but will be in the next one. So, what

[IPsec] #121: Rekeying IKE SAs: KEr errors and PRF question

Paul Hoffman writes: We earlier agreed in issue #50 to make the KEr in Section 1.3.2 (Rekeying IKE SAs with the CREATE_CHILD_SA Exchange) mandatory: -- HDR, SK {SA, Nr, KEr} Note that this is not in the current draft, but will be in the next one. So, what

[IPsec] #122: Integrity proposals with combined algorithms

Paul Hoffman writes: The 4th paragraph of section 3.3 says If an algorithm that combines encryption and integrity protection is proposed, it MUST be proposed as an encryption algorithm and an integrity protection algorithm MUST NOT be proposed. This means that an integrity protection

[IPsec] #123: Proposal to remove the IANA tables from IKEv2bis

Paul Hoffman writes: This has flummoxed a few reviewers. Tables such as those in section 3.3.2 are already out of date because things have been added since RFC 4306. I propose that we remove all these tables from IKEv2bis, and add notes pointing to the current IANA registries. I cannot see

Re: [IPsec] comments on esp-null-heuristics-01

Michael Richardson writes: It is? I'll bet 95% of actual transport mode IPsec has an L2TP layer inside. Tero Inside one enterprise? I do not think so. I guess most of the Tero IPsec traffic is VPN style tunnel mode, but as that is going Tero over untrusted networks

Re: [IPsec] #121: Rekeying IKE SAs: KEr errors and PRF question

Section 2.18 also states that in the case of the old and new IKE SA selecting different PRFs, that the rekeying exchange (for SKEYSEED) is done using the *old* IKE SA's PRF. What happens after that? The end of section 2.18 says that SK_d, etc are computed from SKEYSEED as specified in

Re: [IPsec] #116: The AUTH payload signature

Tero requested a clarification: I'm proposing to say that the certificate's hash algorithm does not determine the AUTH hash function (which is the negotiated PRF). Implementations may use the certificates received from a given peer as a hint for selecting a mutually-understood PRF with that

[IPsec] BTNS IPsec APIs

Folks, Is there anybody interested in helping completing the BTNS IPsec APIs documents? If you are, please also state the level of commitment you're willing to dedicate to that goal (e.g., editing, contributing, reviewing.) If there isn't enough interest it seems the logical next step for the

Re: [IPsec] #122: Integrity proposals with combined algorithms

At 4:08 PM +0200 11/24/09, Tero Kivinen wrote: Paul Hoffman writes: The 4th paragraph of section 3.3 says If an algorithm that combines encryption and integrity protection is proposed, it MUST be proposed as an encryption algorithm and an integrity protection algorithm MUST NOT be proposed.

Re: [IPsec] #118: Reference for PKCS #7

At 7:09 PM +0200 11/24/09, Yaron Sheffer wrote: Russ later pointed out that there are multiple RFCs defining PKCS #7. Inputs on current implementations are welcome. PKCS#7 should reference http://tools.ietf.org/html/rfc2315RFC 2315. I think we should leave this as UNSPECIFIED. There are many